Currently, spyware detection and removal utilities offer more robust spyware handling capabilities than some antivirus programs. Preventing spyware incidents is important, not only because spyware violates users' privacy, but also because it frequently causes functional problems on systems, such as slowing performance or causing application instability.
Although some spyware detection and removal utilities specialize in a particular form of malware, such as malicious Web browser plug-ins, most of the utilities offer wider, and similar, ranges of recommended capabilities, as follows:
- Monitoring the behavior of the applications most likely to be used to place spyware onto systems, such as Web browsers and e-mail clients;
- Performing regular scans of files, memory, and configuration files for known spyware;
- Identifying several types of spyware, including malicious mobile code, Trojan horses, and tracking cookies;
- Quarantining or deleting spyware files (because most spyware files are self-contained, disinfection is usually not applicable);
- Monitoring network drivers and Windows shell settings;
- Monitoring processes and programs that are loaded automatically at start-up;
- Preventing several methods of spyware installation, including pop-up ads, tracking cookies, Web browser plug-in installations, and browser hijacking.
To mitigate spyware threats, organizations should use either spyware detection and removal utilities or antivirus software with the ability to recognize spyware threats. The software should be used on all systems for which satisfactory software is available.
Spyware detection and removal utilities typically rely on spyware signatures, which are similar to those used by antivirus software. The tools are effective at recognizing known threats and variants of known threats, but have varying capabilities to detect unknown threats. In addition, because spyware detection and removal utilities rely on signatures, the software should be kept current with the latest signature and software updates to improve spyware detection. Spyware detection and removal utilities should be complemented by controls such as antivirus software that can detect other types of malware threats. Organizations should also consider using multiple spyware detection and removal utilities to improve detection of spyware threats.
Some spyware detection and removal utilities also offer centralized management and monitoring capabilities. Other utilities do not even offer the ability to check for and download updates automatically, instead relying on users to open the utility and launch the check manually. Organizations considering an enterprise-wide deployment of spyware detection and removal utilities should determine how the utilities can be distributed, configured, and maintained, as well as how their activity can be monitored to identify spyware incidents. Because antivirus software and spyware detection and removal utilities have many similar characteristics, organizations should generally apply the same considerations to both types of products.