SuperAntiSpyware vs Windows Defender
I recently got an email from Mike Duncan from SuperAntiSpyware. He asked me to become a reseller for superantispyware (SAS).
Well, before I endorse anything like this, I need to try it out, and decide for myself.
I have seen SAS once before, on a badly infected PC, so at the time, I instinctively classified it as either ineffective, or as spyware in disguise (and removed it).
So I downloaded the free edition of SAS, and did a scan of my own system (which I knew was safe). In doing this, I found I had to disable the antivirus (antivir guard), as it would often intervene before WD and SAS could get a look at any infected file.
Once the scan was finished, it found 3 minor problems:
- A large number of tracking cookies (and here is my first and second gripe with SAS: I regard tracking cookies as a necessary part of surfing the net… not something that should be detected as “bad”, as unsophisticated users can get themselves into trouble with this. In particular, cookies from Google and major department stores should not be flagged. And when I decided to mark the cookies as trusted, I had to process all 200+ cookies manually, one at a time). NOTE: I tried this again a few weeks later, and found no problem un-selecting all cookies with a single mouse click.
- A false positive: it detected a file from driverpacks.net as an “unknown” infection. (Again, it wasn’t detected a few weeks later)
- Another false positive: it detected c:windowssystemdriverwin32.dll as the winup trojan (it was actually a file from the cygwin system that I use)… Once again, it was not detected a few weeks later. It's good to see that SAS are really serious about improving how their product works.
Ok, some temporary false positives. That’s not a huge problem for me. It's just something to keep in mind for the future.
SAS portray themselves as a responsive company, which will remove the nastiest spyware. I’m also led to believe that new spyware is detectable/removable soon after it is detected in the wild. Unfortunately, that's not something I can easily test in a week or two… but I’ll see how things go over the next few months.
But in the meantime, I thought I’d test it against windows defender (my current favorite free antispyware program).
I fired up my virtual PC, and deliberately infected it with a small number of nasty infections from the past, plus some extra ones from malwaredomainlist.com. This is not a comprehensive test, it just allows me to see if I should keep going with SAS.
The first difference between SAS and WD is that WD includes realtime monitoring/blocking. From my experience, non-technical users tend to forget to do manual scans, so that's something in favour of WD.
The second difference is that when WD detects a malware infection, it usually cleans it up without needing a computer restart… whereas SAS seems to always insist on a restart.
So here is the malware I tested, and the results of scanning with SAS and WD:
- Ultimate Defender: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- VirusHeat: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- AntiVirus2008Pro: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- SpySheriff: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- SpyRemover (from spyremover.com): Neither WD nor SAS detect it!
So, in summary:
Both SAS and WD seem about the same, except WD is faster, and has some nice features not present in SAS.
Since I charge customers for my time, the slowness of SAS is a concern in my day to day work, as infected systems are usually much slower than normal systems, so a quick scan with SAS can end up taking over 1 hour. So I’ll be doing a scan with WD first, and then use SAS if WD doesn’t find anything.
Will I keep using it?
Yes (for the moment).
The reason is simple: In the past, I have often come across “new” infections that my current batch of security software is not able to remove (so I need to wrestle with the infection, and eventually beat it into submission 🙂 ).
If SAS does what its makers say it does (and I must say I’m impressed with what I’ve seen so far), then I can save time (i.e. customer money) by using it as a front-line tool to remove infections that would otherwise take me over 2 hours to remove.
With my own PCs, I’ll continue to use WD for the moment.
Well, software which is made by Microsoft will normally be the most suited for the Microsoft operating system, so in this case WD would be the better.
However, WD is also designed to control other elements of Windows OS such as the startup programs, network programs and the like, which I think makes Windows OS more vulnerable.
Startup programs are controlled by msconfig while I think that WD should only be just for antispyware.
That is my opinion though. Have a great day.
SAS requires a restart due to the fact that any memory processes need termination before a proper cleanup can be initiated and a reboot/deletion is the only sure way.
I have been using SAS until a couple months ago when on my Vista computer, the SAS rest went from 8 hours to over a week till I had had enough. I have no idea where over 17 million files came from when I have been steadily eliminating files. I use SAS on my Firefox 3 XP computers and Firefox worked well enough to keep spyware out but Vista is letting spyware in on Firefox 3 and creating a multi synch to keep SAS so busy that users give up before the impossible end (which Vista won’t allow to be reached now). The last time I tried to go long term with SAS, I let my Vista laptop run a week solid and the program still wasn’t done yet it registered over 17 million files. Where did all those files come from? I am so floored, sorry.