Adware and Spyware
Adware is a type of program that displays advertisements to help reduce the cost of providing free software or services. Some adware programs are flagged by anti-spyware and anti-virus programs if they display advertisements and collect information without obtaining adequate user consent. Examples of information sent to a remote server are the unique machine code, operating system information, locale (country) and other information collected from the user. Adware is often found bundled with third-party software installation programs.
A spyware program is similar to an adware program because it can also collect information without the knowledge or consent of the end-user. The difference is that no advertisements are displayed unless the spyware program is also bundled with adware. Installation of spyware may occur without prominent notice or the user’s knowledge. Spyware is also found in some installation software of third-party programs. See also the spyware piggybacking article.
Both threats are often rated as low or medium risk by security vendors, but the rating depends on the information collected and the effect on the computer, e.g. the computer becomes slow, pop-ups and advertisements are displayed, or the search and home pages are hijacked.
Microsoft’s adware and spyware removal programs are called Windows Defender, Microsoft Security Essentials and Windows Live OneCare Safety scanner. Below are some performance reviews of how these programs handle adware and spyware infections in Windows.
Windows Defender v1.1
The anti-spyware program, Windows Defender, is available at no cost to licensed users of Windows. It can monitor the computer for spyware, adware and other potentially unwanted software. It also provides on-demand scan and removal modules.
Windows Defender is built into Windows 7 and Vista operating systems and it’s enabled by default. The Windows Security Center or Action Center will report the status of Windows Defender.
The program can run alongside antivirus programs that were not developed by Microsoft, e.g. NOD32, Avast, Kaspersky Antivirus, Avira AntiVir, etc.
It provides great real-time protection as long as the end-user modifies its default settings. For more on the real-time protection settings of Windows Defender, read the linked article.
Adware and Spyware Detection and Removal by Windows Defender
When Windows Defender detects adware in a software installation, the real-time protection will display an alert. The detection alert or warning message has options to remove, review or ignore.
Clicking the remove button will stop the installation of the detected adware program; the setup file will be put into quarantine and then removed from its original location, e.g. the desktop or download folder. Clicking the review button will display the description of the detected adware program (the path and what the program does if you continue to install), with an option to select an action, e.g. quarantine, ignore or always allow.
Another example is adware detection on a Windows XP computer.
You can still review the detections provided by Windows Defender when you scan the computer before or after installation of adware programs.
If the computer is already infected by adware, the Windows Defender on-demand scanner can also detect and remove changes to Windows and your browser. One example is the homepage notice shown in Internet Explorer after the successful removal of Baidu adware.
- Screenshots taken by the author, courtesy of Microsoft.
- Information based on author’s experience.
- Product tested: Windows Defender v1.1.1593.0 on XP and v1.1.1600.0 on Vista.