Sunbelt's CounterSpy Roots Out Rootkits
Stand-alone anti-spyware fights fast

by Daniel P. Dern (dern@pair.com)

Vendor: Sunbelt Software, Inc.
Product Name: CounterSpyware v1.5.82
Price (MSRP): $19.95 (enterprise edition also available)
Availability: Now
Product URL: http://www.sunbelt-software.com/CounterSpy.cfm

Tech Requirements, Win98SE or higher; MSIE 5.0 or higher

One of the big challenges in fighting spyware is that, unlike
most viruses, spyware doesn't want to be found -- so it often
morphs its file or process names while the computer is running.

The new release of Sunbelt Software's CounterSpy, v 1.5.82, includes
"first scan" technology that, according to product manager Phil Owens,
scans your hard drive during initial bootup, before Windows
launches -- right after CHKDSK would run. "This lets CounterSpy
scan for any rootkits in our definitions list -- because we're
scanning the hard drive, they can't hide."

Other new features, according to Owen, include kernal-level drivers
for the active protection, monitoring the Registry and file system
for known bad activities. Also, this new version uses less system
resources, for a smaller performance hit.

In addition to its background processes, you can tell CounterSpy
to do a scan now. Since I'd just run another spyware scanner and
removed things, I'm not surprised nothing it showing up. (My fault,
since this is a testing machine, I shouldn't have let the previous
tool delete what it found.)

One thing I like about CounterSpy's scanning, like some -- but
far too few -- programs, while it can't judge how 'done' it is,
it displays the name of the file it's scanning, and has running
counters, rather than just a cryptic blinking icon or moving
figure.

(One nitpick: CounterSpy "Abort scan now" button generates
a "Please wait while CounterSpy is working" message -- i.e.,
it won't let me stop it.)

Sunbelt says that CounterSpy doesn't conflict with other
security products, so you can run it and, say, ZoneAlarm,
although running multiple anti-spyware means multiple pop-ups.

CounterSpy also protects MSIE from changes like 'homepage hijack.
(Firefox support in the works.)

CounterSpy is an offshoot of the code base used for Microsoft's Antispyware...
but don't mistake them for the same thing, CounterSpy has evolved different features,
and tech support.

Used in conjunction with firewall, anti-virus and other desktop
security tools, CounterSpy looks like a good choice to help
keep your PC safe(r).