Spyware Test Methodology - So How is it Done?

Comparing performance back-to-back in a spyware test environment.

For duplication and consistency, all tests are performed on the same hardware and software.

(1) Hardware:

  • Fujitsu Lifebook laptop with 1Gb of RAM.
  • Running XP Pro SP2 operating system (with latest MS updates).

(2) Software:

(a) System:

  • Virtual PC 2004 (VPC) running Windows 2000 Pro SP4 (with latest MS updates), and 512Mb RAM allocated to VPC.
  • Evans Tracker v2.3.13.
  • Mozilla Firefox web browser.

This combination gives a fair test bed of 'average' machines connected to the internet by home users.
The exception is the use of the Mozilla web browser. Mozilla is becoming widespread in use and is generally regarded as a more 'secure' browser than Microsoft Internet Explorer.
We draw some interesting conclusions on Mozilla in the spyware test summary.

VPC offers duplication of the uniform spyware test environment by virtue of 'virtual' hard drives, operating independently of the host hard drive and operating system.
The 'virtual' drive may be copied and deleted like any normal file, but in fact holds the entire VPC operating system.
Thus, a VPC drive run inside the host operating system, and infected with spyware, may be used and discarded and a 'fresh' drive opened for the next test.

A list of 'Critical Detections' is created with the aid of VPC, and all anti-spyware software is evaluated against removal of these 'detections'.

(b) Anti-Spyware products assessed:

The programs featured on this site are ones we are familiar with and have used or at least tested in 'real life'.
They are free or at least provide free trial periods or some free functions.

(c) Spyware software:

  • Bargain Buddy Bulls Eye.
  • FSAquatic.
  • IST Side Find Bar.
  • IWatchNow.
  • Media.
  • SlotchBar IST.
  • SmileyCentral.
  • WhenUSave.

Spyware was selected based on its prevalence and currency. A random sample of spyware was selected from the 'Top 25' listed at the PC Pitstop website for the months of August and September 2006.

Executables (.exe files) for the above spyware were obtained and used in each spyware test.
They were loaded onto a VPC image preconfigured with an updated but temporarily disabled version of the anti-spyware software to be tested.
Once any additional files from the internet had been downloaded, and network activity ceased, the system was rebooted.
Upon reboot and after any additional network traffic ceased, the VPC system was isolated from the internet and testing took place.

Tests were conducted in the following way:

  • A 'before snapshot' of the infected system was taken with 'Evans Tracker v2.3.13.'
  • The anti-spyware software was run with 'default' settings to detect and remove files.
  • A system reboot was conducted after removal and an 'after snapshot' taken.
  • 'Tracker' produced a report of files and registry entries removed by the anti-spyware product.
  • The report was compared against a list of 'critical detections' to see which of these important files had been removed.

Results were tabulated, compared and graded by percentage of 'detections' removed (see spyware test results for the table).
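
The before/after comparison and grading described above can be sketched as follows. This is an added example, not Tracker's own report format or code from this site: the snapshot representation (a flat list of file paths and registry keys), the function names and every sample entry are constructed assumptions.

```python
"""Grade an anti-spyware run from before/after snapshots (added example)."""

def normalize(entry):
    # Windows file paths and registry keys are case-insensitive.
    return entry.strip().rstrip("\\").lower()

def removed_items(before, after):
    """Entries present in the 'before' snapshot and absent from 'after'."""
    return {normalize(e) for e in before} - {normalize(e) for e in after}

def grade(before, after, critical):
    """Score removal of the critical detections, as a percentage."""
    before_set = {normalize(e) for e in before}
    removed = removed_items(before, after)
    crit = {normalize(c) for c in critical}
    # A critical item that never appeared in the infected snapshot cannot
    # be credited as removed; report it instead of inflating the score.
    present = crit & before_set
    hit = present & removed
    # The 'after' snapshot is taken post-reboot, so anything re-created
    # at startup is still in it and counts as missed.
    missed = present - removed
    percent = round(100.0 * len(hit) / len(present), 1) if present else 0.0
    return {"percent": percent, "removed": sorted(hit),
            "missed": sorted(missed), "not_installed": sorted(crit - present)}

# Constructed sample data (hypothetical names, not real spyware artifacts).
BEFORE = [
    r"C:\WINNT\system32\examplebar.dll",
    r"C:\Program Files\ExampleBar\bar.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleBar",
    r"HKCU\Software\ExampleBar",
    r"C:\WINNT\notepad.exe",
]
AFTER = [
    r"C:\WINNT\system32\examplebar.dll",   # survived the scan
    r"c:\winnt\notepad.exe",               # same file, different case
]
CRITICAL = [
    r"C:\WINNT\system32\examplebar.dll",
    r"C:\Program Files\ExampleBar\bar.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleBar",
    r"C:\WINNT\system32\neverdropped.exe", # never installed in this run
]

if __name__ == "__main__":
    for key, value in grade(BEFORE, AFTER, CRITICAL).items():
        print(key, value)
```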

