PC Tools Spyware Doctor

Interesting Win7 Issues with Spyware Doctor with Antivirus

I’m a long-time fan of PC Tool’s highly-regarded Spyware Doctor antispyware products, and have run at least one version of this product family on a like number of test and production machines for going on four years now. In the last month, I’ve had problems with their latest and greatest combined antispyware/antivirus offering (Spyware Doctor with Antivirus 2010, version 7.0.0.508 to be specific) on a couple of my Windows 7 machines. To be specific, the primary service module pctsSvc.exe experiences an application crash at least once a day (my record for any one machine is 7 times in one day) with detail like this screencap from Reliability Monitor to match:

Event details for the pctsSvc.exe crash

I’ve already switched from this product to Norton Internet Security 2010 on my primary production machine (I didn’t want to leave the machine in an uncertain state while working through this problem), but I’ve left it installed on one of my test machines and am working with PC Tools technical support to try to understand and resolve this issue.

Last Thursday, I conducted a Web chat to report my problems and ask for some advice. The support tech had me stop the Spyware Doctor run-time environment (right-click the icon in the notification area, then select ShutDown from the resulting pop-up menu), uninstall the running version of Spyware Doctor, download a fresh clean copy from their Web site, and reinstall the program. After three days with no problems I was starting to hope that my failure to halt the previous version of the app before doing the first install of the current version caused the problems, but when I logged into my test machine first thing this morning, I found the pctsSvc.exe app crash message waiting for me on that machine when I checked in.

I’ve forwarded the information to PC Tools, along with the same screen cap you see in this blog, and will be curious to see what happens next. The tech I worked with last week said they would e-mail me a copy of the Belarc Advisor, and have me install and run it, so they can examine its output to understand more about my PC. Just for grins I visited the Belarc website to download and run the free version of the Belarc Advisor on a different PC, and here’s what popped up:

The free Belarc version omits the important security stuff

It looks like a pretty informative tool, but I didn’t see anything in the output from the free version that would help me or anybody else tackle the Spyware Doctor issues, so I’m guessing the commercial version that PC Tools will send me will  provide a bunch more detail, especially on security -related matters. One big concern for many such software companies is the presence of malware that could inhibit or block correct behavior on  a PC (which I’m 99% sure is NOT true for this machine, having scanned it with Trend Micro Housecall and the Norton Security Scan and come up clean on both), while another has to be the presence of other programs, drivers, or runtime environments that interfere with the PC Tools runtime environment’s proper operation.

This promises to be an interesting and educational adventure as I work with PC Tools to figure out what’s bollixing Spyware Doctor with Antivirus on my test machine. I’ll keep you posted as things develop further.

[Note added 11/21/2009]: I never heard back from PC Tools Tech Support despite an e-mail follow-up on 11/17. I guess I’ll have to start a new trouble ticket tomorrow. Count on me to keep following up as more info becomes available. In the meantime, pctsSve.exe crashed again on 11/18 and 11/19.

Vista Fares Poorly on Malware Detection

Here’s an interesting story from June 16 on the SPAMfighter.com Website, based on recently-released research work from leading antispyware firm Webroot. It’s entitled “Vista Low on Malware Detection” and makes some pretty interesting points:

• The OS demonstrates only limited built-in malware blocking capabilities: it cannot block 84% of common malware elements, including some of the most common and well-known malware and spyware versions.
• Some malicious code was able to install at administrative privilege level, execute code, and use a keylogger, but Windows Defender could neither detect nor stymie its installation or run-time activities.
• Signature updates for malware were also observed to be “extremely slow” on Windows Vista.

What’s the point? Try this quote for size “…security experts…cautioned users that the default malware blocking software as well as the anti-virus programs of Microsoft may fail to provide them comprehensive protection…” Duh!?

When it comes to news like this, I’d like for them to tell me more about what they learned in doing their analysis, and how other threat prevention mechanisms fared as well. Everybody knows that additional protection is necessary for Windows PC active on the Internet, and most corporate security policies require specific and more powerful antimalware coverage anyway. What would have been more interesting and potentially useful would have been a comparison of effectiveness for leading antispyware programs (including Webroot’s own Spyware Sweeper, PC Tools Spyware Doctor, and so forth and so on), as well as speed comparisons for signature updates and scanning for XP, Vista, and Windows 7.

I’m hoping more and more of that detailed information becomes available as Windows 7 heads for commercial release in October. And gosh, would I ever love it if somebody stepped up to fund an organziation like Virus Bulletin for the anti-spyware community. There may never be an AntiSpyware 100 (AS100) like the VB100 if what I know about spyware remains true — and things show no signs of changing in this regard — but it would be nice to have AS80-plus or AS90-plus ratings to help separate the merely adequate antispyware packages from the real star performers. To me, that would be some real news!