
Detecting Spyware from the Background-Execution Information of Programs

Detect Spyware by Checking the Modification of System Information

Advisor: 田筱榮

Abstract

As computers and networks are used for more and more applications, an increasing amount of data is stored on computers, and data theft has become a serious problem for computer users. Spyware is currently one of the most serious means of stealing data. It enters a system covertly by deceiving the user; it may open a back door that lets an attacker use the victim's computer at will, or it may act as a keystroke or information logger that records the victim's account names and passwords. The most troublesome aspect is that spyware is built to hide itself, so finding and removing it directly is very difficult. There are two main detection approaches: signature matching and anomaly detection. Signature matching achieves better accuracy, but has the drawback that the signature database takes time to update. Anomaly detection, through its choice of features, can discover unknown spyware, but its false-positive rate is higher. We therefore combine the two approaches, using the anomalous behaviour a program exhibits when it first starts executing as the identifying feature. The method is built on two key points: the first is monitoring when the system parameters related to automatically started programs are set or modified; the second is recording the addition and modification of files in the system, so as to distinguish the file-installation patterns of normal programs, spyware, and normal programs bundled with spyware. Our experiments show that this method achieves the accuracy of signature matching while also effectively detecting new spyware.

Abstract (English)

As more and more services are provided through computers and computer networks, the security of the data stored in computers, as well as of the identity information users give out when accessing services, has become a major concern for every computer user. Because it hides itself, spyware poses one of the most serious and hardest-to-detect classes of threat to these concerns. Two types of detection are adopted in today's spyware detection systems: misuse detection, based on signature patterns of code streams, and anomaly detection, based on statistical models of the behaviour of executables. The former has better detection accuracy, but inherits the time lag involved in discovering and distributing signatures for new spyware. The latter is able to detect new spyware, but suffers from lower accuracy. In this study we propose a novel detection method. Owing to the nature of spyware, the execution of a spyware program can be distinguished from that of a normal program by differences in the process-initiation procedure. As shown in the experiments, the proposed scheme recognises spyware known to signature-based detection systems with the same accuracy, and is also capable of identifying new spyware.
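The two monitors described in both abstracts (autostart parameters being set or modified, and files being added or modified during an install) can be sketched as before/after snapshot diffs. The following is an added example, not the thesis's code: the snapshots are plain dicts standing in for a read of the autostart registry entries and a file-system walk, and the rule that separates the three cases (where the newly autostarted files were written, relative to the directory the installer declared) is this example's own assumption, not the criterion the thesis uses.

```python
# Added example (not the thesis's code): baseline diffs of the two monitors the abstract
# describes. Snapshots are dicts standing in for a read of the autostart registry entries
# ({name: command}) and a file-system walk ({path: hash}); the rule that separates the
# three cases (where the autostarted files were written) is this example's assumption.

def diff_autostart(before, after):
    """Autostart entries that did not exist before, or whose command changed."""
    return {k: v for k, v in after.items() if before.get(k) != v}

def diff_files(before, after):
    """Files the install created, and pre-existing files whose hash changed."""
    added = {p for p in after if p not in before}
    modified = {p for p in after if p in before and before[p] != after[p]}
    return added, modified

def classify_install(auto_before, auto_after, files_before, files_after, declared_dir):
    """declared_dir: where the installer said it would write (assumed to be known)."""
    new_auto = diff_autostart(auto_before, auto_after)
    added, modified = diff_files(files_before, files_after)
    prefix = declared_dir.lower().rstrip("\\") + "\\"
    declared = {p for p in added if p.lower().startswith(prefix)}
    # New autostart entries whose command is a file this install wrote outside the
    # declared directory (commands compared as bare paths; arguments are not parsed).
    covert = {k for k, cmd in new_auto.items()
              if cmd in added and not cmd.lower().startswith(prefix)}
    verdict = "normal"
    if covert and declared:
        verdict = "bundled"  # normal program that carried a spyware component
    elif covert:
        verdict = "spyware"
    return {"verdict": verdict, "new_autostart": new_auto,
            "added": added, "modified": modified, "covert_autostart": covert}

# Constructed snapshots (not real malware data) for the abstract's three cases.
SYSTEM = {r"C:\Windows\System32\kernel32.dll": "k1"}
FOO_DIR = r"C:\Program Files\Foo"
FOO = {FOO_DIR + r"\foo.exe": "f1", FOO_DIR + r"\updater.exe": "u1"}
HIDDEN = {r"C:\Windows\Temp\svchost32.exe": "s1"}
FOO_RUN = {"FooUpdater": FOO_DIR + r"\updater.exe"}
HIDDEN_RUN = {"svchost32": r"C:\Windows\Temp\svchost32.exe"}
SAMPLES = {"normal": (FOO_RUN, {**SYSTEM, **FOO}),
           "spyware": (HIDDEN_RUN, {**SYSTEM, **HIDDEN}),
           "bundled": ({**FOO_RUN, **HIDDEN_RUN}, {**SYSTEM, **FOO, **HIDDEN})}

def run_samples():
    """Verdict per constructed install, each starting from an empty autostart set."""
    return {name: classify_install({}, auto, SYSTEM, files, FOO_DIR)["verdict"]
            for name, (auto, files) in SAMPLES.items()}
```

On a live system the two snapshot dicts would be filled from the Run/RunOnce-style registry locations and a hashed directory walk taken before and after the install window; the classification logic is unchanged.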

Keywords (English)

spyware; spyware detection; computer security
