Spyware Doctor Starter Edition - a second look
Responding to a critique of my first look review
After my previous posting about the free Starter Edition of Spyware Doctor version 5, someone claiming to be a spokesperson for the vendor, PC Tools, left a long rebuttal comment. I can't verify that the writer, claiming to be Marketing Communications Manager Magida Ezzat, actually works for PC Tools because they never contacted me directly. What follows is my rebuttal to the rebuttal. Think debate team.
No Network Drives For You
OK. But having every scan of a network drive report that all is well is misleading since no scanning was done. If the product won't scan a network drive on purpose, it should say so.
Who Does The Updating?
Interesting. This implies that the Starter Edition of Spyware Doctor will run just fine even if the Google updater is uninstalled.
Latest Version
Good to know. But, it is now a week since the comments above were written, and the main version number is no longer the same for both editions of Spyware Doctor. The product's home page currently says that version 5.5.0.178 is the latest for the "Full Version". My copy of the Starter Edition is version 5.1.0.272 and it reports that it is up-to-date. Adding to the confusion, Help -> About doesn't identify the Starter Edition.
Other Reviews
I was not looking for critical reviews, just for reviews. Magida provided links to three positive reviews. One link was to an old version of the software. To me, reviews of old versions are irrelevant. The other two links were, in fact, to the same review by Ryan Naraine. It originally appeared at PC World in August 2007 and then reappeared at UK-based PC Advisor in September 2007.
I read the lone positive review, and it said "PC Tools Spyware Doctor 5.0 spotted only 27 percent of our inactive banking-related spyware and 43 percent of password-stealing spyware." No anti-spyware program is perfect, perhaps these percentages are par for the course. I don't know. But the review also said:
"Spyware Doctor 5.0 didn't detect changes to the Hosts file, which spyware can use to redirect your PC to a malicious website."
It is inexcusable for an anti-spyware product not to prevent updates to the hosts file. Malicious software has targeted the hosts file for a long time; this is nothing new. Even the free version of the ZoneAlarm firewall has an option to prevent changes to the hosts file.
The reason to care about the hosts file is that it can translate the name of a website into an underlying IP address. If your hosts file is zapped by malicious software you can type in the name of your bank (or use a Bookmark/Favorite) and end up at a website that looks exactly like that of your bank, but is in fact, operated by bad guys. Kiss your identity good-bye.
Not protecting the hosts file is, to me, a fatal flaw for an anti-spyware product.*
Another point from the positive review: "By default, PC Tools Spyware Doctor 5.0 does not turn on anti-rootkit protection". Gee.
CNET Review
Further, the review conducted by Robert Vamosi had fundamental flaws, both factually and in its review methodology. There were basic problems with how the review was conducted, not just in the case of Spyware Doctor, but for other security products also reviewed that had some obvious errors in their reviews too. I would respectfully suggest you look at some of the expert reviews, like PC World, were they used independent testing labs with malware experts based in Germany to test against 30,000 real-world spyware threats, not 8 threats of which some were not even malware - as was the case with the CNET review.
I notified Robert Vamosi of the above comments and, if he so chooses, he can speak for himself. To judge for yourself, see CNET Top 10 Antispyware apps 2007 and How we test: Antispyware software.
Last Update Date
Yes, I missed it, the last update date is reported (I updated the initial review to reflect this). However, the last time I checked the software, it said it was updated three days ago and had a green check mark. In the anti-malware world, missing three days of updates is not an all green condition. I would consider it a yellow warning. Sure enough, the software was missing an update to the "database".
High CPU Usage
That Spyware Doctor is doing anything at all just after installation is not obvious to the user and it should be. In an effort to be usable by non-techies the product is overly simple. To me, software that consumes a large amount of computer resources and slows down the machine, should at least say what it's doing.
If you know a computer user that is better off without a message on the order of "A scan of all the files on your computer is now in progress. This scan is necessary because .." then Spyware Doctor is an appropriate choice for that person.
That a scan takes "some processing power" goes without saying. Magida did not address the fact that it took all the processing power on my machine, thus the denial of service comment.
What To Ask The User
If the product won't even display the fact that a scan is in progress, then of course it won't ask for permission first. But, the net effect of this design choice is that the computer slows to a crawl every now and then and stays slow for the duration of the stealth background scan. And because Spyware Doctor is mute about what it's doing, many users won't know to blame it for the slowdown. How convenient.
NOD32, which I just wrote about, solves the problem of dealing with users with different levels of technical awareness by defaulting to a simple user interface and offering an option for an advanced interface. To me, this is a better design.
Missing Tools Button
OK. Let me suggest adding these three sentences to the getting started documentation.
Number of Downloads
The software available at download.com is the free trial edition. The Starter Edition, that I wrote about, is only available as part of Google Pack at pack.google.com.
*Not blocking the hosts file is a limitation of the full/paid version of Spyware Doctor. The free Starter Edition does not claim to block most avenues of infection. That's why it's free.
See a summary of all my Defensive Computing postings.