
Spyware Doctor Starter Edition - a second look

Responding to a critique of my first look review

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


After my previous posting about the free Starter Edition of Spyware Doctor version 5, someone claiming to be a spokesperson for the vendor, PC Tools, left a long rebuttal comment. I can't verify that the writer, claiming to be Marketing Communications Manager Magida Ezzat, actually works for PC Tools because they never contacted me directly. What follows is my rebuttal to the rebuttal. Think debate team.

No Network Drives For You

Me: All the scans I ran on drive letters that represented mapped network drives were refused. There was no error or warning, the scans just always examined zero files.
Maybe Magida: The custom scan feature in Spyware Doctor is designed for checking local drives, that is the c-drive and other external drives such as a USB stick or backup device, not network drives. This is essentially because spyware is fundamentally different from viruses, where removing spyware is much more than just deleting a file. It involves finding all the parts of the threat that may be in the registry, running process and other areas...

OK. But having every scan of a network drive report that all is well is misleading since no scanning was done. If the product won't scan a network drive on purpose, it should say so.

Who Does The Updating?

Me: When it comes time to upgrade to version 5.2 or version 6 is Google or Spyware Doctor or both or neither going to perform the update?
Maybe Magida: When a new version does get released ... the update is performed seamlessly, with both Google Pack and Spyware Doctor able to perform the update, whichever one runs first will handle the update.

Interesting. This implies that the Starter Edition of Spyware Doctor will run just fine even if the Google updater is uninstalled.

Latest Version

Me: The just-installed software was old in two respects. According to PC Tools, the latest version is 5.1.0.273, Google installed version 5.1.0.272.
Maybe Magida: Spyware Doctor comes in two versions, the Starter Edition (this is the Google pack build, version x.272), and the full edition, version x.273. The versions have different feature sets and are different physical builds; this is why they do not always have exactly the same build numbers. The main version v5.1 is the same for both, and Google Pack is the latest version for that product.

Good to know. But, it is now a week since the comments above were written, and the main version number is no longer the same for both editions of Spyware Doctor. The product's home page currently says that version 5.5.0.178 is the latest for the "Full Version". My copy of the Starter Edition is version 5.1.0.272 and it reports that it is up-to-date. Adding to the confusion, Help -> About doesn't identify the Starter Edition.

Other Reviews

Me: It wasn't hard to find critical reviews of Spyware Doctor version 5.
Maybe Magida: If you were looking for critical reviews I have no doubt you could find them. On the Internet you can find critical reviews of just about any product or service ... It is interesting that this review does not mention any of the good reviews and awards we have had...

I was not looking for critical reviews, just for reviews. Magida provided links to three positive reviews. One link was to an old version of the software. To me, reviews of old versions are irrelevant. The other two links were, in fact, to the same review by Ryan Naraine. It originally appeared at PC World in August 2007 and then reappeared at UK-based PC Advisor in September 2007.

I read the lone positive review, and it said "PC Tools Spyware Doctor 5.0 spotted only 27 percent of our inactive banking-related spyware and 43 percent of password-stealing spyware." No anti-spyware program is perfect; perhaps these percentages are par for the course. I don't know. But the review also said:

"Spyware Doctor 5.0 didn't detect changes to the Hosts file, which spyware can use to redirect your PC to a malicious website."

It is inexcusable for an anti-spyware product not to prevent updates to the hosts file. Malicious software has targeted the hosts file for a long time; this is nothing new. Even the free version of the ZoneAlarm firewall has an option to prevent changes to the hosts file.

The reason to care about the hosts file is that it can translate the name of a website into an underlying IP address. If your hosts file is zapped by malicious software, you can type in the name of your bank (or use a Bookmark/Favorite) and end up at a website that looks exactly like that of your bank but is, in fact, operated by bad guys. Kiss your identity good-bye.
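A defensive check of the kind the quoted review found missing, as an added example (not from the original article or from any product named in it): it parses hosts-file text, flags entries that point a name at a non-loopback address, and fingerprints the mappings so a later change can be detected. The sample file, the hostnames and the function names are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed sample: a stock-looking hosts file plus one added override.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # sinkholed by the user
203.0.113.25    www.examplebank.com examplebank.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP literal
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_overrides(text):
    """Return (line_no, hostname, ip) for names mapped to a non-local address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0/:: entries are the usual localhost and sinkhole uses.
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((line_no, name, str(ip)))
    return findings

def fingerprint(text):
    """SHA-256 over the mappings only, so comment or spacing edits do not alert."""
    canon = sorted(f"{ip} {name}" for _, ip, name in parse_hosts(text))
    return hashlib.sha256("\n".join(canon).encode()).hexdigest()

def changed_since(baseline_digest, text):
    """True when the current mappings differ from the recorded baseline."""
    return fingerprint(text) != baseline_digest

if __name__ == "__main__":
    for line_no, name, ip in suspicious_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Record `fingerprint()` of a known-good hosts file once, then compare on a schedule; any entry returned by `suspicious_overrides()` for a site you log in to deserves a manual look.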

Not protecting the hosts file is, to me, a fatal flaw for an anti-spyware product.*

Another point from the positive review: "By default, PC Tools Spyware Doctor 5.0 does not turn on anti-rootkit protection". Gee.

CNET Review

Me: At CNET, Robert Vamosi reviewed it shortly after it was released in March and gave it 6 stars out of 10.
Maybe Magida: Previous to this review, Spyware Doctor was rated 5/5 stars, because it was reviewed using a full unrestricted version. After changing our trial version to be restricted, Robert Vamosi reviewed it as trialware only. Download.com doesn't review full versions of software anymore, only trialware, which is obviously unfair for commercial applications.
Further, the review conducted by Robert Vamosi had fundamental flaws, both factually and in its review methodology. There were basic problems with how the review was conducted, not just in the case of Spyware Doctor, but for other security products also reviewed that had some obvious errors in their reviews too. I would respectfully suggest you look at some of the expert reviews, like PC World, where they used independent testing labs with malware experts based in Germany to test against 30,000 real-world spyware threats, not 8 threats of which some were not even malware - as was the case with the CNET review.

I notified Robert Vamosi of the above comments and, if he so chooses, he can speak for himself. To judge for yourself, see CNET Top 10 Antispyware apps 2007 and How we test: Antispyware software.

Last Update Date

Me: If anti-malware software can't do something as easy as reporting the last update date ... then maybe it won't report other important information in a clear, simple way.
Maybe Magida: It seems you have missed looking at the left-hand side of our system information section (which for some reason has been cropped out in your review). This clearly displays when the last update was run ... Refer to the full screenshot here

Yes, I missed it, the last update date is reported (I updated the initial review to reflect this). However, the last time I checked the software, it said it was updated three days ago and had a green check mark. In the anti-malware world, missing three days of updates is not an all green condition. I would consider it a yellow warning. Sure enough, the software was missing an update to the "database".

High CPU Usage

Me: Spyware Doctor seemed to be conducting a denial of service attack on me. It ... was consuming all the processor cycles on the machine.
Maybe Magida: Although it may not be obvious to the user, on first installation Spyware Doctor does much more than just an update; in the background it is running a thorough system check to ensure a clean environment. It scans many critical sections for pre-existing malware infections and alerts you if it finds anything. A thorough system scan does take some processing power, however its most vital role when it first lands on your PC is to quickly detect and remove any current infections that may exist.

That Spyware Doctor is doing anything at all just after installation is not obvious to the user, and it should be. In an effort to be usable by non-techies, the product is overly simple. To me, software that consumes a large amount of computer resources and slows down the machine should at least say what it's doing.

If you know a computer user that is better off without a message on the order of "A scan of all the files on your computer is now in progress. This scan is necessary because .." then Spyware Doctor is an appropriate choice for that person.

That a scan takes "some processing power" goes without saying. Magida did not address the fact that it took all the processing power on my machine, thus the denial of service comment.

What To Ask The User

Me: If software thinks it knows best, fine. But it should ask the user before doing something resource intensive.
Maybe Magida: ... our customer base is largely made-up of non-expert computer users; who want an easy to use, set and forget product. Our product is designed with this non-expert user in mind, who may not be aware of the importance of running a scan immediately on install.

If the product won't even display the fact that a scan is in progress, then of course it won't ask for permission first. But, the net effect of this design choice is that the computer slows to a crawl every now and then and stays slow for the duration of the stealth background scan. And because Spyware Doctor is mute about what it's doing, many users won't know to blame it for the slowdown. How convenient.

NOD32, which I just wrote about, solves the problem of dealing with users with different levels of technical awareness by defaulting to a simple user interface and offering an option for an advanced interface. To me, this is a better design.

Missing Tools Button

Me: The other missing item is the Tools button. It is shown in the getting started documentation and also visible in the CNET video at download.com. What the tools are though neither says.
Maybe Magida: We have one currently released tool, called "Malware Detective." This tool is only used by our support team to retrieve optional extra information from the machine to more effectively repair challenging malware. This is an optional install that can be installed if needed by our support team and is not a specific restriction in the Starter Edition.

OK. Let me suggest adding these three sentences to the getting started documentation.

Number of Downloads

Me: The free trial version has been downloaded a whopping 17.4 million times at CNET's Download.com.
Maybe Magida: Spyware Doctor has in fact been downloaded many more times than this from Download.com, however unfortunately the Download.com counter has been broken for some time now. Also you may not be aware of this, but none of the sponsored listings on Download.com are counted either, and many products in the top 50 on download.com redirect downloads from their website to download.com in order to artificially inflate the counter. If PC Tools sent all the Spyware Doctor downloads to download.com it would most likely become the most downloaded product on download.com. In fact Spyware Doctor has been downloaded over 150 Million times since the first release in 2004.

The software available at download.com is the free trial edition. The Starter Edition, that I wrote about, is only available as part of Google Pack at pack.google.com.

*Not blocking the hosts file is a limitation of the full/paid version of Spyware Doctor. The free Starter Edition does not claim to block most avenues of infection. That's why it's free.
