Welcome to Webroot Software, Inc. This site will work and look better in a browser that supports web standards, but it is accessible to any browser or Internet device.

Differences between Spyware and Viruses

The primary difference between the creation of viruses and spyware is economic. Viruses are developed to cause downtime and pain to an enterprise or string of users across the Internet. Spyware is developed primarily for financial gain with its focus on extracting personal information from a user's computer. Because of the opportunity for financial gain, spyware continues to remain a clear and present threat to the enterprise. No longer a cottage industry of just a few companies, spyware is attracting the attention of venture capitalists to organized crime.

Enterprises can't rely on legacy anti-virus software to effectively handle the spyware threat. Spyware is unique and is growing increasingly sophisticated. Unlike viruses, newer variants of spyware are highly adept at remaining on a system it infects.

Key Distinctions

  • Spyware discovery is more difficult than virus discovery
  • Many spyware traces are hidden in registry entries, files, applications and processes
  • A signature lookup can't guarantee protection against a specific program

Spyware programs are more complex than viruses

  • Multiple files are installed, not just a single executable as is typical with a virus
  • Various file locations - spyware traces can be scattered across a network or desktop PC.
  • Spyware programs frequently have obscure file names designed to look legitimate
  • Spyware watches processes, randomization, self-uninstall, open port scans

Rising number of spyware variants

Spyware variants are released with increasing speed and need to be identified quickly by the anti-spyware solution

Numerous distribution methods

  • Increasing automated distribution via Web sites
  • Not limited to only e-mail, like most viruses

Removal technology in AV engines hasn't been enhanced to completely remove spyware.

To ensure survival, spyware programs use complex approaches, such as running separate processes on the PC that monitor each other. These programs are capable of re-installing components and repopulating registry entries that have been removed. They are also capable of randomizing various elements of the program so that they leave a different footprint and are harder to track.

Anti-virus removal engines were not built to remove threats that are complicated and deeply entrenched within a machine. The technology behind anti-virus software, including the scanning engine and signature definition sets are meant to tackle specific virus attacks. Retrofitting legacy virus-removal technology to battle spyware is ineffective against sophisticated spyware programs which require a complex, multi-step process to extract spyware components and remove traces left behind throughout the system. Spyware removal requires highly specialized techniques that are different from the fundamental processes performed by anti-virus software.

Copyright 2007 Webroot Software, Inc.