Back to Top

Sunday, October 26, 2008

Stop the "Anti-Spyware" nonsense!

Some time ago the term "spyware" was invented, and promptly "anti-spyware" products appeared. Their "myth" still persists, many people (who should know better!) recommending that you have an "anti-virus and a anti-spyware product" (I've even seen "anti-malware" added to this list which is an even bigger nonsense, since the term malware includes both viruses and spyware!)

There might have been some shortcoming in anti-malware products years ago which allowed these products to appear, however these days there isn't really a difference. Still, we are left with the archaic idea that we must pay ~30 USD a year for such a product in addition to the anti-malware suite.

A quick quiz: what does spyware do?

  • It writes files to the disk - just like any downloader / dropper - AV products can certainly handle that.
  • It writes to the registry (to make itself start automatically for example) - just like a wast majority of malware - AV products can handle that (probably this was the one weak point of anti-malware solutions which allowed these products to appear).
  • It injects DLLs into other processes (for example by registering a BHO) - just like any good password stealer - AV products can certainly handle that.

Both solutions have the same technological underpinnings (blacklisting of files / registry keys), with the anti-malware solutions having a bigger "list". So as much as I disagree with the idea of blacklisting, I would hands down choose the bigger list, especially if it includes the smaller one.

So people, please do your users a favor: stop recommending separate "anti-spyware" solutions.


Post a Comment

You can use some HTML tags, such as <b>, <i>, <a>. Comments are moderated, so there will be a delay until the comment appears. However if you comment, I follow.