Multilayered security systems stem from one thing: If some protection is good, then more protection may very well be better. That's why installing and maintaining antivirus software in areas where files or messages routinely enter and exit organizations is the right thing to do. This includes installing the software on not only servers and workstations, but also routers, firewalls and gateways.
Internet service providers and other organizations deliberately perform the same kinds of screening and filtering on traffic for the same reason. They use black hole lists, black and white lists and all kinds of other techniques to look for and block unwanted e-mail, viruses, spyware and adware at every opportunity.
Don't go it alone
A recent study by the University of Illinois' Eric Howes on the efficacy of anti-adware software (which covers both adware and spyware) showed that no single package could do the whole job by itself. Howes reported that some anti-adware software he tested in October 2004 was able to detect less than half of a list of adware and spyware items he deliberately introduced onto a test machine, and that even the best of these tools couldn't detect more than 75%.
Howe's results are sobering. But they confirm that no single tool by itself suffices to detect and destroy every adware or spyware item. Given the ferocious rate of new introductions and the high mutation rate on existing adware/spyware items,
Most experts recommend that you install and use only a single package to watch for and block spyware and adware in real time (otherwise, conflicts or instability might result if two real-time monitors started battling for precedence in the bowels of your computer's operating system). But those same experts also recommend that you back up that tool with regular scans using one or more other anti-adware packages, so as to catch with one what the other misses. In fact, many newsgroups and forum postings on this subject regularly mention favorite combinations of packages, among which Webroot Software Inc.'s Spy Sweeper, Patrick Kolla's Spybot -- Search and Destroy, and LavaSoft AB's Ad-Aware SE Personal frequently appear in various combinations.
Interestingly, the highest-ranked package, Giant AntiSpyware, was recently acquired by Microsoft and re-released as Microsoft AntiSpyware (currently available in only a free beta version).
Naturally, I was intrigued to read these report results. I decided to dig into my own PCs to look for evidence of unwanted software, suspicious files and other signs of adware or spyware infestation.
Though my results from the half-dozen machines I use for testing and production purposes are far from conclusive, I was encouraged by the results. Other than a few traces of some drivers for devices no longer installed on a couple of machines and a whole slew of "tracking cookies," my search turned up no evidence of uncaught adware or spyware traces. (My computers are all hooked into the Internet, and all but one machine was already covered by two or more anti-adware packages.)
If you are interested in applying my approach, see my Check IT list on SearchSMB.com. There is a small collection of tools anyone can use to inspect their PCs in great detail for signs of adware, spyware and even some Trojans and viruses. These include trace collection or process reporting tools such as HijackThis, WinTasks Professional and Security TaskManager, as well as trace analysis tools Help2GoDetective and HijackThis Analysis. Keep in mind there is a certain amount of grunt work needed when checking objects, DLL or executable file names that HiJack This or the other programs find.
The easiest way to do this is on the Web. Google is a big help here. Though the analysis tools are helpful, sometimes a certain amount of common sense is also required to figure out what's benign, desirable or suspicious. That said, it's an entirely doable, if time-consuming, task.
But while it's undoubtedly true that no single anti-adware package detects or removes all such malware, it's encouraging that most paired combinations of good anti-adware tools seem to result in systems with few or no traces of uncaught and unwanted software. If you make an anti-adware "buddy system" part of your system setup and maintenance routines, you should be able to avoid encountering the potential ill effects that can occur when something slips through your layers of protection.
Ed Tittel is a full-time freelance writer, trainer and consultant who specializes in matters related to information security, markup languages and networking technologies. He's a regular contributor to numerous TechTarget websites and technology editor for Certification Magazine, and he writes an email newsletter for CramSession called "Must Know News."
This was first published in March 2005