I recently got an email from Mike Duncan from SuperAntiSpyware. He asked me to become a reseller for SuperAntiSpyware (SAS).
Well, before I endorse anything like this, I need to try it out, and decide for myself.
I have seen SAS once before, on a badly infected PC, so at the time, I instinctively classified it as either ineffective, or as spyware in disguise (and removed it).
So I download the free edition of SAS, and do a scan of my own system (which I knew was safe). In doing this, I found I had to disable the antivirus (antivir guard), as it would often intervene before WD and SAS could get a look at any infected file.
Once the scan was finished, it found 3 minor problems:
- A large number of tracking cookies (and here is my first and second gripe with SAS): I regard tracking cookies as a necessary part of surfing the net… not something that should be detected as “bad” (as unsophisticated users can get themselves into trouble with this). In particular, cookies from Google and major department stores should not be flagged. And when I decided to mark the cookies as trusted, I had to process all 200+ cookies manually (one at a time). NOTE: I tried this again a few weeks later, and found no problem un-selecting all cookies with a single mouse click.
- A false positive: it detected a file from driverpacks.net as an “unknown” infection. (Again, it wasn’t detected a few weeks later)
- Another false positive: it detected c:windowssystemdriverwin32.dll as the winup trojan (it was actually a file from the cygwin system that I use)… Once again, it was not detected a few weeks later. It’s good to see that SAS are really serious about improving how their product works.
Ok, some temporary false positives. That’s not a huge problem for me. It’s just something to keep in mind for the future.
SAS portray themselves as a responsive company, which will remove the nastiest spyware. I’m also led to believe that new spyware is detectable/removable soon after it is detected in the wild. Unfortunately, that’s not something I can easily test in a week or two… but I’ll see how things go over the next few months.
But in the meantime, I thought I’d test it against windows defender (my current favorite free antispyware program).
I fired up my virtual PC, and deliberately infected it with a small number of nasty infections from the past, plus some extra ones from malwaredomainlist.com. This is not a comprehensive test, it just allows me to see if I should keep going with SAS.
The first difference between SAS and WD, is that WD includes realtime monitoring/blocking. From my experience, non-technical users tend to forget to do manual scans, so that’s something in favour of WD.
The second difference is that when WD detects a malware infection, it usually cleans it up without needing a computer restart… whereas SAS seems to always insist on a restart.
So here is the malware I tested, and the results of scanning with SAS and WD:
- Ultimate Defender: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- VirusHeat: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- AntiVirus2008Pro: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- SpySheriff: Both WD and SAS detect and remove, but WD doesn’t need a restart.
- SpyRemover (from spyremover.com): Neither WD nor SAS detect it!
So, in summary:
Both SAS and WD seem about the same, except WD is faster, and has some nice features not present in SAS.
Since I charge customers for my time, the slowness of SAS is a concern in my day to day work, as infected systems are usually much slower than normal systems, so a quick scan with SAS can end up taking over 1 hour. So I’ll be doing a scan with WD first, and then use SAS if WD doesn’t find anything.
Will I keep using it?
Yes (for the moment).
The reason is simple: In the past, I have often come across “new” infections that my current batch of security software is not able to remove (so I need to wrestle with the infection, and eventually beat it into submission 🙂 ).
If SAS does what its makers say it does (and I must say I’m impressed with what I’ve seen so far), then I can save time (i.e. customer money) by using it as a front-line tool to remove infections that would otherwise take me over 2 hours to remove.
With my own PCs, I’ll continue to use WD for the moment.