Anti-Spyware Products Comparison
There's no doubt that spyware has already become a significant problem for most computer users. Small applications capable of silently tracking users' activities and making the collected data available to a third party can pose a serious threat in the hands of cybercriminals, who thereby gain access to confidential information and use it for illicit gain. Taking effective countermeasures is therefore vital for privacy protection.
The advance of malicious spyware could not escape the attention of security specialists, which resulted in the rise of numerous software solutions aiming to protect computer users from this kind of threat. Many security tools have received additional anti-spy functionality. Moreover, dozens of specialized anti-spyware products are now available on the web, often leaving customers with a difficult choice when picking the best one to protect their PCs.
Numerous studies of the efficiency of anti-spyware tools have already been conducted. But very often they do not shed light on the real effectiveness ranking, making the situation even more confusing. Unfortunately, many such comparisons pursue first and foremost marketing objectives and aim to promote a particular product by showing its superiority over competitors. Studies of this kind are usually built upon a product's ability to detect or neutralize some samples of malicious code. Each of them ultimately raises concerns over the selection of test samples and suspicions that the set could have been taken from the signature bases of the 'lucky winner'.
To avoid becoming another entry on that list, the Anti-Keylogger.Org team has chosen a different approach (though we realize it can also be imperfect).
Monitoring Vs. Anti-Monitoring
An interesting opposition can be observed on the security tools market nowadays. On the one hand, there's a multitude of security applications that claim almost 100% protection from ANY spyware in general and keyloggers in particular. On the other hand, commercial monitoring products that contain keystroke logging functions are gaining more and more popularity. Their ability to intercept entered keystrokes should obviously set such applications against anti-spyware tools. Furthermore, such products often claim to be fully invisible to anti-spyware. Thus we see the opposition of two powerful development and marketing forces, and the statements of at least one of the sides must apparently be overstated.
At the same time, it must be taken into account that, in principle, not every anti-spyware vendor has made finding and disabling commercial monitoring tools a goal of its product. That is another reason to mention that the final aim of this research is not to discredit or promote any particular product, but to give food for thought about the properties of the security applications presented. This applies to a greater extent to programs that are built entirely on heuristic analysis, or that at least use elements of it rather than relying on signature bases only.
Research Principles
The problem of selecting keylogger products was solved as follows: the Top-10 monitoring programs were taken from the chart of the Keylogger.org project.
The comparison is synchronous: it reflects the situation as of February 7, 2007. The latest versions available for free download were used for both keyloggers and anti-keyloggers, and the updates applied were also dated February 7 or earlier.
Another problem was the diversity of the evaluated anti-spyware products and of the functions they perform: some of them use full system scans, others do not; some only detect keyloggers and alert the user, others can also remove or disable the threat after finding it; some have active protection, others do not, and so on. All this made it rather difficult to set common criteria that would be relevant for all the competing products.
A compromise was found and the following criterion was chosen: the ability to disable the keylogger or at least warn the user about its presence on the system. At the same time, the following reactions of anti-spyware programs were not considered sufficient for a positive verdict:
a) a warning about the danger of the keylogger setup file;
b) a warning message during the installation of a keylogger;
c) prevention of the installation of a keylogger.
Indeed, the majority of commercial keyloggers are installed when the person being monitored is not present, which also lets the installer temporarily disable anti-spy protection for the duration of the installation if it poses any problems.
So the goal set for the evaluated security products was to protect a user working on the computer from active keyloggers already present, or at least to notify the user about the threat of data theft so that further action can be taken. Possible user interaction was limited to starting the scan engine or enabling active protection.