Pros & Cons
Pros
- Detected every malware sample in testing and removed all but one.
- Detected every malware and keylogger sample that tried to infest a clean system and prevented all from running.
Cons
- Installation takes quite a while because it includes a full download of the signature database.
- Real-time protection allowed some malware executables to install (though it prevented them from running).
Spyware Doctor with Antivirus 6 Specs
| OS Compatibility: | Windows Vista, Windows XP |
| Type: | Business, Personal, Professional |
For such a big release, Spyware Doctor with AntiVirus 6 is surprisingly free of wild new features. Instead, PC Tools has concentrated on enhancements that are hidden from view, making the app better at detecting threat variants while still using minimal system resources, and at cleaning up heavily infested systems. It takes advantage of Vista features to protect itself more strongly from direct attack by malware. Most significant is the fact that it now integrates the company's
Getting Started
SDAV6 installation takes quite a while, mainly because the signature database isn't included in the installer; hence the app always downloads the full signature database during installation. As PC Tools' CEO Simon Clausen explains, this ensures that the product's protection is as strong as possible from the very start. To speed the install process even on malware-infested systems, the company raises the installer process's priority.
Even with that priority boost, the entire process of setting up a new installation can take as much as 10 or 15 minutes, especially if the signature download is interrupted and has to restart (which happened several times). After the installer finishes, it runs what they call a "smart update" just in case the program itself needs updating. And after you enter your registration code, it again checks for any updates to features available only to registered users.
SDAV6 jumps into action even before it finishes these program updates. On some test systems, its start-up memory cleaner wiped out a number of threats before the updates even finished. It requested a reboot to finish the job; I waited until the update finished. This start-up scan was effective: It foiled one threat that actively prevents installation of many security products. I didn't install Behavior Guard on these systems, since its emphasis is prevention, not removal.
Scanning on my resource-poor malware-infested virtual machine test systems took a long, long time: nearly 2 hours in some cases. But it turns out the fault was partly mine. Thinking to make the scan more effective, I turned on an option entitled "Scan for rootkit hidden files." According to Clausen, this is almost never necessary and can double the scan time. You'd actually probably use it only when advised to do so by tech support. Indeed, when I retested without that option, the cleanup was just as effective and quite a bit faster. It still took nearly an hour, but in every case it managed to complete its cleanup without requiring extreme measures like scanning in Safe Mode. It rebooted or rebooted and rescanned as necessary to complete the cleanup. A full scan of my standard clean test system was much quicker—just a bit over half an hour.
The results were worth the wait. Spyware Doctor detected every single one of the malware samples and successfully removed all but one of them. As always, I define successful removal to mean that all executable files were removed, but Spyware Doctor goes well beyond this minimal requirement. In most cases it removed almost every trace of the malware threats. On this test it scored 9.8 out of 10, better than any other product I've tested with this particular collection of malware. That's significantly better than the next-highest score of 9.3 for
On a separate test against installed commercial keyloggers instead of malware, Spyware Doctor wasn't as effective. It didn't detect two of the samples at all, and it failed to completely remove several others, scoring 6.8 out of 10. WAVASF topped this test with 7.3 of 10, the same score achieved by
Clean-System Protection
It's great to get active malware out of your computer, but it's even better if the nasty programs never establish a foothold in the first place. Spyware Doctor relies on a set of protections called IntelliGuards to detect and prevent malware infestation at many different levels.
This version of Spyware Doctor adds Behavior Guard, a new feature based on the technology that makes PC Tools' ThreatFire so effective. It watches every process and looks for patterns of behavior that indicate a malicious program. A single suspect behavior, like modifying the start-up sequence, won't trigger it, since legitimate programs may use some of these behaviors. It takes a clearly malicious pattern to set off the alarm.
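The pattern-over-single-behavior idea described above, sketched as an added example that is not PC Tools' code: the behavior names, weights and thresholds are assumptions chosen for illustration, and the event stream is constructed.

```python
from collections import defaultdict

# Hypothetical behaviour names and weights, for illustration only;
# they are not PC Tools' rules.
WEIGHTS = {
    "modify_startup": 2,          # adds itself to the start-up sequence
    "install_keyboard_hook": 3,
    "inject_into_process": 4,
    "disable_security_tool": 5,
    "hide_file": 3,
}
ALERT_SCORE = 7    # assumed threshold
MIN_DISTINCT = 2   # one behaviour alone never alerts, however often it repeats


def score_processes(events):
    """Return {pid: (score, sorted distinct behaviours)} for an event stream."""
    # Each behaviour counts once per process, so an installer that writes
    # ten start-up entries still scores as a single behaviour.
    seen = defaultdict(set)
    for pid, behaviour in events:
        if behaviour in WEIGHTS:
            seen[pid].add(behaviour)
    return {pid: (sum(WEIGHTS[b] for b in bs), sorted(bs)) for pid, bs in seen.items()}


def alerts(events):
    """PIDs whose combined behaviour pattern crosses the threshold."""
    return sorted(
        pid for pid, (score, bs) in score_processes(events).items()
        if score >= ALERT_SCORE and len(bs) >= MIN_DISTINCT
    )


# Constructed sample events: (pid, behaviour)
SAMPLE_EVENTS = [
    (1200, "modify_startup"),         # legitimate updater registering itself
    (1200, "modify_startup"),
    (1200, "open_file"),              # unweighted, ignored
    (3344, "modify_startup"),         # constructed malicious-looking pattern
    (3344, "install_keyboard_hook"),
    (3344, "hide_file"),
    (4100, "install_keyboard_hook"),  # e.g. a hotkey utility
]

if __name__ == "__main__":
    for pid, (score, bs) in sorted(score_processes(SAMPLE_EVENTS).items()):
        print(pid, score, bs, "ALERT" if pid in alerts(SAMPLE_EVENTS) else "ok")
```
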
I installed the product on a clean system and installed the separate Behavior Guard add-on. Next I visited the URLs from which I originally downloaded my current set of testing threats and checked whether Site Guard blocked them. As expected, many of the URLs were no longer valid—almost a third had disappeared. Site Guard alone blocked half of the remaining ones, and that's just the first line of defense.
When I tried to install the malware samples directly by launching previously downloaded files, Spyware Doctor blocked more than half of them the moment I clicked on the file. It didn't delete the malware installer file, as some products do, but it completely prevented me from launching the program. To see how well its detection skill would fare against polymorphic malware, I created modified versions of the threats it blocked on sight. I changed the name, tweaked some nonexecutable bytes, and appended nulls to change the file size. It still blocked all but a few of the modified samples on sight.
Spyware Doctor's multiple layers of defense detected every single malware sample and every single commercial keylogger sample at one point or another in the installation process. A few of them managed to install executable files on the system, but in every case Spyware Doctor prevented the installed program from running. Still, I have to stick with the same rule I apply to all other programs: If the malware installer places an executable file on the system, the protective program gets only half credit. There's always the possibility that Spyware Doctor might crash or otherwise stop suppressing the malicious program, so it's better never to let the executables install at all.
Even so, Spyware Doctor scored an admirable 9.1 of 10 for protection against malware threats, edging out WAVASF's 8.9. Spyware Doctor also impressed when it came to blocking commercial keyloggers. Its 8.3 out of 10 score against keyloggers is the highest of any product tested with this particular set of samples. If Spyware Doctor's real-time protection extended to quarantining detected threats rather than just suppressing them, it would have had a pair of 10s in blocking malware.
This latest edition of Spyware Doctor cleaned up infested test systems better than any product I've tested with my current sample set. With help from its new Behavior Guard, it detected every malware and keylogger sample that tried to infest my clean test system and prevented every single one from running (though it allowed some to install executable files on the system). It also scans faster than its predecessor. This is powerful protection, and easily takes version 5.5's place as our Editors' Choice.
Final Thoughts
Spyware Doctor with Antivirus 6
The latest Spyware Doctor doesn't look any different, but its ability to remove malware and keep clean systems clean is better than ever. It takes a while to install, and scanning is slow on a badly infested system. But it's worth the wait. This is powerful protection!