- What is spyware?
- How anti-spyware works
- What to look for in an anti-spyware package?
- Spyware removal
- Scanning options
- Proactive prevention
- Things to avoid
Things to avoid
Spyware can be trickier than viruses to remove. With viruses, you'll generally always want to clean every vestige of the infection from the PC. With spyware, that's not always the case.
This is especially pertinent where removing the spyware means that you don't get to use the associated application anymore. Do I care if I have an adware application if it means I get to continue to use the software I want? Some applications have very good checks on them, and sometimes people are prepared to live with the spyware if it means they can still use the software. Ultimately, this is up to the user.
For this reason a good logging and reporting system in anti-spyware is vital. A log system will keep track of deleted files -- if you have later problems (such as a needed file being deleted), you can go back and track down what happened.
Detailed information about the consequences of your actions is vital in anti-spyware. Some anti-spyware, for instance, provides a list of hundreds, even thousands, of potential spyware offending elements (files, keys, processes and the like) and asks which ones you want to delete. This is not very helpful. The temptation, of course, is to say just remove them all -- which could lead to trouble, since one of the offending elements could be a directory with important documents. Additionally, in some cases spyware will overwrite core system files with modified versions, and the out-and-out deletion of the spyware would often have major consequences for the continued operation of the system.
Look for anti-spyware that provides information about the detected spyware -- its effects, associations and dangers. The major anti-spyware software solutions have become much better at this, often warning about associated software that might cease to function if you choose to remove the spyware. A detailed list of spyware effects is also very useful when determining the risk if you choose to leave the spyware installed.
What is the best combination?
More often than not, a single spyware package will not pick up all the infections on your system. Spyware works on relatively simple premises, and is evolving constantly, which means anti-spyware developers are always one step behind. Thus, it can be better to have a small selection of software which will help cover all your bases. It is important to be thorough, because a single program left undetected can reinstall many of the threats you just spent time removing.
Whilst many of the paid packages can be quite thorough, you can receive very comprehensive system protection through free programs. A great combination is Lavasoft's Ad-aware combined with Merijin's CWShredder and Spybot: Search and Destroy. By running one after the other, starting with Spybot, you should be able to remove most if not all of the threats present on your machine. Spybot also offers a built in system restore option, which creates a restore point for you automatically should you wish to undo your changes.
One final, very powerful free program that can be used as a last resort is Hijackthis. Widely regarded online as one of the best methods of removing spyware that just won't go away, it can also be dangerous to the average user. It runs a scan and lists everything that differs from a clean, spyware free environment. In this way it is great, as it picks up every abnormality on your system, but it will also list friendly changes, such as Internet explorer toolbars, ActiveX plugins and startup programs. Thus, before deleting anything, it is vital you post a log file of your session (Hijackthis will create one) on an appropriate online message board, and experts will reply, advising which entries to delete. This program should only be used as a last resort, but can be very effective when used properly. Be sure to create a system restore point before using. A few message boards where you will receive necessary advice include: