Sunbelt's CounterSpy Roots Out Rootkits

By Eric Lundquist  |  Posted 2006-12-08

Stand-alone anti-spyware fights fast

by Daniel P. Dern (

Vendor: Sunbelt Software, Inc.
Product Name: CounterSpyware v1.5.82
Price (MSRP): $19.95 (enterprise edition also available)
Availability: Now
Product URL:
Tech Requirements: Win98SE or higher; MSIE 5.0 or higher

One of the big challenges in fighting spyware is that, unlike most viruses, spyware doesn't want to be found -- so it often morphs its file or process names while the computer is running.

The new release of Sunbelt Software's CounterSpy, v 1.5.82, includes "first scan" technology that, according to product manager Phil Owens, scans your hard drive during initial bootup, before Windows launches -- right after CHKDSK would run. "This lets CounterSpy scan for any rootkits in our definitions list -- because we're scanning the hard drive, they can't hide."

Other new features, according to Owens, include kernel-level drivers for the active protection, monitoring the Registry and file system for known bad activities. Also, this new version uses fewer system resources, for a smaller performance hit.

In addition to its background processes, you can tell CounterSpy to do a scan now. Since I'd just run another spyware scanner and removed things, I'm not surprised nothing is showing up. (My fault; since this is a testing machine, I shouldn't have let the previous tool delete what it found.)

One thing I like about CounterSpy's scanning: like some -- but far too few -- programs, while it can't judge how 'done' it is, it displays the name of the file it's scanning and has running counters, rather than just a cryptic blinking icon or moving figure.

(One nitpick: CounterSpy's "Abort scan now" button generates a "Please wait while CounterSpy is working" message -- i.e., it won't let me stop it.)

Sunbelt says that CounterSpy doesn't conflict with other security products, so you can run it and, say, ZoneAlarm, although running multiple anti-spyware programs means multiple pop-ups.

CounterSpy also protects MSIE from changes like 'homepage hijack.' (Firefox support is in the works.)

CounterSpy is an offshoot of the code base used for Microsoft's Antispyware... but don't mistake them for the same thing; CounterSpy has evolved different features and tech support.

Used in conjunction with firewall, anti-virus and other desktop security tools, CounterSpy looks like a good choice to help keep your PC safe(r).
