Ad-Aware 2007 - This Malware Scanner Doesn't Add Up

Introduction

LavaSoft’s Ad-Aware started out as a free spyware detection application (one of the first) by an obscure German company in the late 1990s. It has grown to be one of the most popular malware scanners available because it worked so well. However, as scanners matured, malware writers got more creative and sophisticated. Malware tools had to keep up. Keeping malevolence at bay is a full-time job. Here in 2007, there are a lot of good scanners that do a decent job of keeping your computer protected. I’m unconvinced that Ad-Aware 2007 is one of them.

I must disclose up front that I’ve been a long-time Ad-Aware fan. I used the free version for years on both my business and personal machines to keep them safe and clean. Because my current security software package includes a spyware scanner, I haven’t had the need to use Ad-Aware in the last year but I came into this review with my expectations set.

The installation, look , and feel of Ad-Aware 2007 shows a predictable improvement . The interface is clean although a little convoluted and confusing at times. The feature set has increased in the time I had used the product (and because I was now using Plus instead of the free version). The scanners are fast and provide solid feedback on problems and issues found. The tool for managing threats remains consistently easy to use.

Problems surfaced, however, when I threw actual spyware behaviors at the application. The runtime scanners failed to detect the test spyware and the full scanning engine did not detect the changes that the test spyware made to my system. This either is a case of mismatched expectations (Ad-Aware isn’t designed to detect the types of changes the test-spyware made) or Ad-Aware has not kept up with recent threats. Given the nature of the tests I ran and the information the descriptive text in Ad-Aware provides, I suspect its more of the latter than the former.

Price to Value (2 out of 5)

What’s Not:
At around $27, Ad-Aware 2007 is moderately priced for what it offers. The product does not perform as advertised and it suffers from an unrefined user interface. For the money, it’s possible to purchase a package that does more than just malware scanning. Overall, it’s a bad deal.

Installation & Setup (4 out of 5)

What’s Hot:

Ad-Aware 2007 is delivered to your hard disks by a custom installer. The installation experience is smooth and takes a relatively short time. The actual time it takes to install the product is incommensurate with the number of dialog boxes you have to click through. LavaSoft should include a one-click option to speed up the process. Even the standard installation option requires multiple clicks of the mouse to get Ad-Aware on the machine.
[adaware_install_stadv.JPG]

Registering Ad-Aware required an internet connection. I entered the license key (which was emailed to me) and the Ad-Aware installer went out to the server to affirm that the key was valid. This most likely means that the same key can’t be used on multiple machines.
[adaware_install_licenseinfo.JPG]

The installer wrote around 39 Mb to the hard disk and approximately 81 registry keys. The uninstaller, which can be removed by rerunning the installer package, removed almost 57 Mb from my hard drive and deleted 11 registry keys. The discrepancy is probably due to the fact that Ad-Aware 2007 downloaded updates on first launch.
[adaware_definitions_update.JPG]
[adaware_remove_software.JPG]

User Interface (3 out of 5)

What’s Hot:
I’ve always appreciated Ad-Aware’s clean, clear interface and Ad-Aware 2007 does not disappoint here. Previous versions made getting into the scanner clearer than but users should have no problem finding the “Scan Now” button in this version. Ad-Aware 2007 uses buttons along the left-hand side of the interface to provide access to major features which appear in a content area on the right. Each content area generally includes additional buttons that provide access to other features. In most cases, the buttons within the feature area either launch a process or switch to another feature area. In a couple of cases, a button caused the content to change with the Cancel button as the way to return to the previous screen (I note this because if this type of operation goes too many levels deep, one could easily get lost in the interface.)

What’s Not:

When Ad-Aware 2007 is loaded, the user interfaces defaulted to the “Status” area which displays the state of the scanners, updates, and licenses. The screen told me that the realtime protection scanners were not turned on. I tried clicking on the text and the icon to turn the scanners on but neither provided an interface to switch the state. In fact, nothing on this screen allowed me to turn the realtime scanners on or off.
[adaware_ui_main.jpg]

To turn the realtime scanners on, I had to switch to the “Ad-Watch” section and there I was informed about the various Ad-Watch scanners. Pressing the Start button didn’t appear to do anything. Switching back to the Status section, I discovered that realtime protection was now on.
[adaware_adwatch.JPG]

There are a couple of problems with this UI. First, the language on the status screen doesn’t mention Ad-Watch making it unclear that there was a link between Ad-Watch scanners and the realtime scanners on the status screen. Second, pressing the Start button invoked no visible change in the application and no message box so I didn’t know if the button had done anything. Finally, turning on the runtime scanners did not create a task tray icon or any other way for me to know that the scanners were running after I closed Ad-Aware 2007. In fact, when I closed Ad-Aware 2007, and restarted it the realtime protection was off for a moment then displayed as “on.” Clicking on the Ad-Watch icon on the desktop didn’t seem to do anything either. The only way I could tell that Ad-Watch was running was to find the process in Windows Task Manager. More importantly, I couldn’t find a way to turn the scanners off outside of killing the process in Task Manager. The UI definitely seems broken here.

In general the UI is consistent though lacks refinement. All the icons are clear and professionally done. The custom look and feel make the UI a bit sluggish but not anything approaching unusable. There are a few visible enhancements that probably will annoy the minimalist like fades and animation when the user switches sections and a reflection under the main title.
[adaware_ui_extras.JPG]

Product Features (2 out of 5)

What’s Hot:

Ad_Aware 2007 provides an interface that will allow you to do a “smart scan” which will scan what the engineers at LavaSoft have determined to be the most critical areas of your computer system. The help text states that this includes “processes, registry, and selected system folders.” You can also do a full scan which will go through your entire registry and hard disk and a custom scan where you can choose what gets scanned.
[adaware_scan_options.JPG]

Ad-Aware 2007 supports an easy-to-use scanning scheduler but appears to use its own scheduling service and does not leverage the Windows Task Scheduler. The scan progress screen is informative and the scanner seems fast enough though I always recommend that scans be scheduled for off-peak hours to maximize processing power and reduce the possibility for conflicts and low memory.
[adaware_scan.JPG]

What’s Not:

The flagship feature of Ad-Aware 2007 obviously is the malware scanner and it is the efficiency and power of the scanner that has made Ad-Aware a worldwide success. As you’ll read below, my tests did not validate the reputation that precedes Ad-Aware.

Ad-Aware 2007 presented a summary screen which also included the option to set a system restore point. While supporting the restore point seems like a good idea, it seemed odd to me that it would be offered after the scan was completed instead of before. Here, the UI is inconsistent with the screen prior where the term used for the same operation was “System Restore” while on this screen it is called “Set.”

Ad-Aware 2007 will attempt to keep its malware signatures current by connecting to the LavaSoft servers on a regular basis. Unfortunately, I frequently received a message that the update servers were busy and the application couldn’t connect. Updating through the main application appeared to work well however.
[adaware_server_busy.jpg]

The biggest problem with the feature set has to do with the malware protection. Ad-Watch did not work as expected. I used the services at Spycar.org to test the ability of Ad-Watch to catch issues. In the handful of tests I ran, Ad-Watch detected none of them. Ad-Watch allowed Spycar to change significant registry entries and modify settings in Internet Explorer. In fact, Ad-Watch failed every single registry test on Spycar. This is most disturbing given that Ad-Watch RegShield states that it is “protects vital parts of the registry that are commonly targeted by malware.” Further, running a SmartScan after the Spycar tests failed to detect any issues on my system.
[adaware_spycar.jpg]

Features: Other Tools (3 out of 5)

What’s Hot:

The Ad-Watch feature is a preventative application that keeps an eye on various processes and components on your computer with the goal of mitigating problems before they occur. Ad-Watch is designed to track registry changes, clean up your browser’s cookies, cache, and history. It also reports on programs that have outgoing internet access (but does not manage them–Ad-Aware 2007 is not a firewall) and will prevent malicious programs from starting.

Ad-Aware 2007 includes plug-in support and includes two additional tools with the “Plus” package. When I attempted to start “Process Watch,” a tool that allows users to shut down running processes on the computer, I was told that I needed to upgrade to the “Pro” version in order to use it. The other tool, “Hosts File Editor” is an interesting concept even if the implementation is a bit awkward.
[adaware_tools.JPG]

What’s Not:

The Hosts File Editor allows users to restrict their browser from connecting to specific sites. When a site hostname (e.g. www. snoodle.com) is added to the hosts file listing, attempts made to connect to www.snoodle.com will fail. I first had a hard time understanding the Host File Editor interface. Initially I couldn’t find a way to add a new entry as there are no buttons that provide for this functionality. After some trial and error, I finally right-clicked in the listing area and a menu popped up that allowed me to add an entry. Another confusion involved how to understand the “Status” column for each host file in the list. The two status possibilities are “Active” and “Non-active” (I’d recommend “Inactive” for this latter option for clarity and grammatical consistency). Which status would you expect would allow you to browse to the site in question? At best it’s ambiguous. “Active” could mean that that the site is active and you can browse to it. Or “Active” could mean that the host file prevention feature for that item is active which, in fact, is what “Active” means here.

Another problem with the implementation is that you have to add the explicit hostname for each site you want to prevent. It’s not possible to add merely the domain like snoodle.com. To prevent your browser from going to www.snoodle.com and images.snoodle.com, you have to add both entries to the list. A better implementation would allow users to add *.snoodle.com or just snoodle.com to the list and that would prevent a user from going to any site with that domain name. Thankfully, subfolders under a given hostname are restricted when the top level hostname is restricted. When removing an entry, you must restart your browser in order to be able to access the site.
[adaware_host_file.jpg]

Performance (3 out of 5)

What’s Hot:

I alluded to the mildly sluggish performance of the UI in the user interface section of this review. The behavior is neither annoying nor does it affect usability. However, I note it here so the reader can be aware of potential issues particularly on slower computers.

I also ran some non-scientific performance tests with the goal of determining whether the software would cause an immediate and noticeable decrease in basic file and web operations. In order to accurately test these operations, I wrote a small software program that would precisely time specific processes that a typical user may perform on a regular basis. For the first test, I copied five 21MB files over my home network from the local machine (on which Ad-Aware 2007 would be installed) to a network share. The second test copied 300 8K files over the network. I wanted to test whether smaller files, and more of them, would affect the scanners negatively. Finally, my program went to five major websites (with complex layouts) and downloaded their home pages. I ran each test five times on a 2.2Ghz Celeron, 1Gb RAM, Windows XP SP2 with all the latest service packs. Here are the results:

No Scanners:
1. Large Files: 15095 ms.
2. Small Files: 4755 ms.
3. Web sites: 5902 ms.

Scanners:
1. Large Files: 14709 ms.
2. Small Files: 4171 ms.
3. Web sites: 5801 ms.

With the scanners running, performance was effected slightly. It’s negligible unless you tend to do a lot of file operations whereby those seconds here and there will add up. The Ad-Aware 2007 runtimes took up about 35Mb of system memory.

Images

Suggested Features

• Fix Ad-Watch
• The UI needs a complete review and refinement.
• Remove the borderline firewall features and offer them the full-featured firewall package instead.

Conclusion

Ad-Aware 2007 is a popular and widely used malware scanner. Past versions, including SE Plus, have been solid and established LavaSoft as a leader in the field of security software. This latest offering, however, suffers from a lack of interface refinement and what appears to be inadequate malware protection. Given this latter problem specifically, I cannot recommend Ad-Aware 2007. 

Related Products

Microsoft One Care, TrendMicro Internet Security, Norton 360