The Writers Workbench: Spy vs. Spy

It's taken a while, but the world has finally, seemingly caught on that having anti-spyware and anti-virus protection is a good thing. Time was that the two were separate, but these days, there's been an overlap. (Indeed, the definition of "anti-spyware" has grown to the extent that "anti-malware" is often used instead.) These days, most A-V programs have anti-spyware protection included, and anti-spyware programs include some defense against viruses. In fact, many programs now blend the two, bundling anti-virus and anti-spyware in one interconnected unit. There are advantages to this, having everything working together -- but advantages, as well, to having separate programs that do their individual job at peak efficiency.

Sunbelt Software has long had been a leading anti-spyware program, Counterspy, and recently put out an all-in-one product, VIPRE. But it's their standalone flagship product that we'll be taking a look at here.

"The Writers Workbench" appears monthly on the website for the Writers Guild of America. To see this entire column, complete with product graphics and additional "TWW Notes," please click here

CounterSpy 3.0

Before getting to the program itself, I had a few difficulties getting it up and running in the first place. I downloaded the program and installed it with the clear Wizard. When I attempted update the full set of risk definitions, however, I kept getting an "out of date" message, and the program stopped downloading. Checking with tech support, the fix was very easy, but required several steps. (I first needed to download several small programs to create log files, which isolated the problem. Then I had to manually download the full definitions directly online, rather than through the program. This resolved the issue, and I was able to continue with the installation. More on this later.)

CounterSpy has long been one of the industry leaders in spyware detection. That said, it's always good to run two anti-spyware programs: one for active protection, and one to run manually once a week, since there is no standard of what "spyware" actually is, and different programs check different definitions for different risks.

(Important note: "Definitions" are what tells your program what to look for. Because new, malicious spyware is being developed all the time, if you stick with old definitions - and never renew your subscription, or get the latest program - your software will only use those old definitions to check your system, and you will be woefully unprotected. It's like buying the greatest lock for your house, but leaving all the windows open.)

As good as CounterSpy has been in the past, the question is raised whether the new version is worth upgrading to or just stick with renewing your virus definition subscription.

CounterSpy 3.0 comes with some very strong improvements over earlier editions. For starters, it uses significantly less memory and therefore is less of a drain on your system, something that tends to be a problem with many anti-spyware programs. Also, the program is noticeably faster in its scanning.

There is also an improved Rootkit protection, along with a process they call "FirstScan." This is important, because Rootkits are the nefarious intruders that can take over your system the moment it begins its boot-up.

The program also uses a new technology for detection malware, which the company says is a subset of the VIPRE technology it developed for its bundled product.

But what will likely be most noticeable to uses is that, finally, CounterSpy has given itself a major facelift and made the program significantly more user-friendly. This has long been one of CounterSpy's bugaboos: it's been a power-user program, but in being so, left easy of use a few steps behind. It never was "hard," but it never was intuitive. That, at long last, has changed. And it's a pleasure to see.

The homepage is loaded with information that's well-laid out. The current status of the worldwide spyware threat is constantly updated. A box contains your personal statistics from all the scans of your system the program has made. And your current status of protection, updates and scans is far more clear than before. In addition, links are clearly presented for taking you to scheduling scans, editing your settings, updating and more.

One oddity. Clicking the "Scan Now" link doesn't scan now. It takes you to the Scan page, where you can choose which level of scan you want to do. And only then do you start you scan by clicking the "Scan Now" button. (You can also access this page by clicking on the Scan tab at the top of the home page.)

The Settings window is also much more clear than previously, with all your options for updates, scanning, active protection, integrating with Windows security and more accessible though tabs. Most of the default settings are what you'll want to stick with, but changing choices is easy and well-defined. By and large, Help screens give good information.

A couple more oddities. The Help file recommends setting automatic updates for every 4 hours. But in the program, it's set for every 2 hours by default.

Also, under Scan Settings, the defaults for Quick scan and Deep System scan appear to be exactly the same, with the exact same option boxes checked. But that's not the case. The options aren't for what a Quick scan and Deep System scan will check, but rather what additional options you want scanned on top of the basic Quick scan or Deep System scan. This isn't problematic, but could be made more clear.

CounterSpy does a good job with Active Protection monitoring changes made to your browser - in case, for instance, your homepage has been "hijacked" by malware. However, at the moment, it only monitors Internet Explorer. Most spyware issues, of course, are unrelated to this, and for the most part, if there's an intrusion, the program's new Kernel-based Active Protection will stop it or the scanner will clean it.

If you choose to run CounterSpy manually, rather than under Active Protection, you must remember to manually update your risk definitions before scanning. Testing this, I noted that it would occasionally stop during the process, although re-clicking Update Now got things going again. There's a monitor that logs your process, though surprisingly it seemed to disappear on occasion. Also, after several months of running perfectly, that same "out of date" issue that occurred during installation reoccurred. (The company says that the problem crops up if definitions get corrupted, which can take place when a download gets interrupted or a partial update remains in your TEMP directory.) The problem was easy to address: simply manually download the full definitions file from the online Support page. This overwrites everything. It does takes a lot more time, however.

(By the way, although noted above that it's a good idea to have to more than one anti-spyware program, you should never run two in Active Protection mode at the same time. Conflicts with anti-spyware programs are the rule. Run one "active" and the other manually.)

CounterSpy also monitors changes to your Registry, regardless of what browser you use. The company notes that it expects to add support for Firefox in the future. While this will be a good improvement, it's surprising that they haven't done so yet, considering that Firefox has been around for a while.

The program provides a "Manage" page that keeps all of your important information in one handy place, at your fingertips. Things like scan History, all your Quarantined items (questionable files that the program has protected your system from, but without deleting, in case it turns out to be a "false positive," and you need it later), safe files that you always want to allow, and your scan schedule.

CounterSpy has made excellent improvements for his version 3.0, and if you already own the program, it's worth considering an upgrade. Even if you're comfortable with the old interface, the new version's speed, smaller memory use and rootkit protection are all very advantageous. The "out of date" problem with risk definitions is an annoyance, but doesn't occur often (and may not ever occur for some) and is very easy to address.

If you prefer a bundled anti-virus/anti-spyware program, know than the core of CounterSpy 3.0 is used in Sunbelt Software's new VIPRE program. If you're looking for a change to a new standalone anti-spyware program, there are several good ones out there, but CounterSpy 3.0 is high on the list. At the time of writing, it retails for $20.

To see this column complete with product graphics and additional "TWW Notes," visit the WGA website.