When It Comes To Anti-Spyware Tools, Accuracy Is Key

How good is your anti-spyware? Can yours “detect 40,000 parasite definitions”? Can yours search for “53,248 spyware components”? Only 22,984? Wimp! But wait, how can the wimp be rated fifth best out of 20 in a comparative review? What are we counting here? Are we all using base 10 arithmetic?

If you’re confused by the disparities in claims of numbers of spyware detected, and nervous that the anti-spyware software you just purchased doesn’t measure up, join the club. Dozens of anti-spyware software companies are waging war on two fronts. To the east, software engineers and spyware hunters battle against spyware developers. To the west, marketing wonks wage a competition amongst themselves to catch your attention and, ultimately, another sale. In our “super-size it” society, what better way than to pile up the statistics?

The Issues In Defining Spyware

In security technology circles, numbers are never more deceiving than when they are applied to intrusion and malicious code detection. In the case of spyware, the numbers are doubly deceptive.

As you may have already surmised, the first deception lies in what’s counted as spyware. I know of no standard definition of what constitutes “one spyware” (if you find one, send it to Congress). Is each ad cookie one spyware instance? Each OLE object? DLL? Executable programs? Can we count a program stored on disk and a process running in memory as two instances? Is each registry item added by a spyware installer package one spyware instance? What if the spyware changes a registry item: can we count that? What if two spyware use the same registry value or substitute their own DLL for a legitimate one? Can I count my competitors by labeling them scamware?

