Welcome to Your Worst Malware Nightmare

Author Opinion

The problem with selecting an appropriate anti-malware application comes from vendor-specific definitions of key terminology. Some vendors define spyware narrowly enough to exclude the unwanted inclusions (such as unsolicited ads) that ship with their own products, while others use definitions of malware so general and poorly parameterized that exhaustive searches produce dozens of false positives.


Verifying signed applications through third-party entities ensures a certain level of protection against infection from malware agents, but this is by no means a complete solution. Unfortunately, even signed applications can introduce what may be, at least in your mind, spyware or adware, simply because you did not want it (and probably did not authorize its installation). This argues forcefully for continuous monitoring and surveillance by anti-malware agents.

Modern combat against various forms of malware involves multiple software components and detection methods to identify good and bad applications correctly. Anti-virus vendors now incorporate spyware and malware scanners as one of their core components, so they can address this burgeoning threat to end-user privacy. Nevertheless, no single anti-spyware package does it all. Where product A may produce an undesirable number of false positives and completely overlook some areas in your system, product B may identify the latter as a veritable hotbed of activity, while failing to confirm the former. Unlike anti-virus packages, which routinely earn 100% effective ratings in well-regarded testing from industry watchers like the U.K.-based Virus Bulletin, no single adware package scores much above 90% against comprehensive test banks, and many products identify and handle between 70% and 80%. That explains why employing two or more anti-spyware agents in tandem seems to be the best way to ensure comprehensive system coverage against threats that can arrive in virtually any disguise and insert themselves anywhere. Best practice indicates that one package should be used as a real-time blocker that loads whenever your PC boots and runs continuously, while one (or more) package(s) should be run at least weekly to provide backup scans, so that what one package misses, another can identify.
