Spybot - Search & Destroy 1.6.0 |
|
| Developer(s) | Safer Networking Limited |
| Stable release | 1.6.2 / September 1, 2009 |
| Preview release | 2.0 beta 4 / October 6, 2011 |
| Written in | Delphi |
| Operating system | Microsoft Windows, Windows Mobile, and Symbian[1] |
| Type | Spyware removal software |
| License | Proprietary |
| Website | Safer-networking.org |
Spybot Search & Destroy (S&D) is a popular spyware and adware removal program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/or RAM for malicious software.
Spybot-S&D was written by the German software engineer Patrick Michael Kolla, and is distributed by Kolla's Irish company Safer Networking Limited. Development began in 2000 when Kolla, still a student, wrote a small program to deal with the Aureate/Radiate and Conducent TimeSink programs, two of the earliest examples of adware.
Contents |
Spybot – Search & Destroy is currently released as freeware. Corporate users are required to purchase a yearly license.
Along with spyware and adware detection and disinfection capabilities, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPS, computer cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. It can also, to some extent, protect a user's privacy by deleting usage tracks like tracking cookies. Spybot-S&D also includes an "Immunize" feature to block the installation of spyware before it occurs e.g. by modifying the hosts file. Another tool included in Spybot-S&D is a file shredder, for the secure deletion of files. Spybot-S&D is not intended to replace anti-virus programs, but it does detect some common trojans.
In 2008 Spybot-S&D announced that they could recognize rootkits much better, and also provided a free-standing rootkit finder, RootAlyzer.[2]
The TeaTimer module can be optionally enabled, providing a level of active, real-time protection against unwanted registry changes. This comes in the form of pop-ups which alert the user to registry changes, and ask for approval before allowing the change. Registry changes are mostly (but by no means always) made when programs are installed, uninstalled, or updated; changes when program modification is not known to be happening can be due to hidden installation of malicious software.
Some programs ship with attached spyware or adware and refuse to run when they are not present; newer versions of Spybot replace the spyware binaries with inert dummies (designed to fool programs which simply check for the presence of the spyware's file).
In order to detect recently created programs efficiently, detection updates are released weekly with other improvements such as added languages and better heuristic algorithms. These updates are downloaded and installed from within the software from a variety of mirrors.
Spybot-S&D is available for all versions of Windows from Windows 95 and up, and offers more than two dozen different languages and several skins to users. Instructions are available on the website to enable users to design their own skins.
Technical support is currently supplied by means of Internet forums[3] and support e-mails (with a usual response time of no more than 24 hours).
In previous years Spybot-S&D has been applauded for its ease of installation, free updates, and excellent features. It won numerous awards, including the World Class 2003 Awards, the PC Magazine Editor's Choice and PC User Top Buy #1. Additionally, Spybot was recommended by ZDNet, the Wall Street Journal, The Guardian, MSNBC, CNN and other reviewers.
Although PC Magazine initially rated it highly in 2003, their rating declined to "poor" in 2008:
In January 2008, PC Magazine, after giving Spybot Search & Destroy 1.5 a score of just 1.5 out of 5,[5] elected it as one of the worst tech products of the first quarter of 2008 and called its malware cleaning-up skills mediocre.[6]
Version 1.5 has better compatibility than previous versions with Wine (software which allows running of Windows programs under Linux), and restores compatibility with Windows 95[7] which was faulty in 1.4.[8] Version 1.6 is said by Safer Networking to scan several times faster than version 1.5.[9]
Several people, knowing the program's great legitimacy, have made Spybot 'clones' with similar user interfaces and similar sounding program names. Some clones have been made by spyware manufacturers to make programs that pose as anti-spyware programs, but actually install spyware themselves. These programs are known as rogue antispyware.
Searching the words "spybot", or "search & destroy", "spybot antispyware" or any other related search on a search engine will often result in a paid advertisement for "SpywareBot". This program is a known rogue antispyware program, which fraudulently uses the "search and destroy" logo and a name similar to Spybot to fool users into downloading their product instead of the original Spybot Search & Destroy.[10] A key difference between the real Spybot S&D, and false anti-virus programs is that the real Spybot S&D does not require any payment.
Some malicious sites were subtle variations of the legitimate spybot s&d URL such as "Safer-networking.com". The real site is .org, and not .com.
Several of the largest commercial security products require users to uninstall Spybot when they are being installed or when they run.[11]
The makers of Spybot-S&D came into conflict with Norton Internet Security over compatibility issues in 2006.[12] Symantec recommended uninstalling Spybot-S&D before installing Norton Internet Security. According to Safer Networking, no satisfactory explanation was provided to them for this decision. Antivirus professional Mary Landesman suggests a possible explanation may stem from a graphical glitch in TeaTimer module's confirmation dialog. An official explanation from Safer Networking[13] stated that the error was caused by a bug in the program used to build their code. The result of the bug was that users had difficulty enabling Norton Internet Security to make necessary changes to critical registry areas, such as allowing itself to launch on computer startup. Aside from this, Mary Landesman, like Safer Networking, concluded that the two programs had no issue with one another. The bug was was fixed in the 1.5 release.[14]
Kaspersky Antivirus and Kaspersky Internet Security since version 2009 force users to uninstall Spybot during the installation process, although there is no serious incompatibility yet known. The discussion was concluded in the Kaspersky forum, which said not to install Spybot at all. Kaspersky seems to be reluctant to fix the issue, despite receiving several complaints.[15]
Trend Micro Officescan follows Norton, Kaspersky and McAfee in simply removing Spybot without warning or notification afterwards.[16]
The immunisation feature of Spybot – Search & Destroy caused Internet Explorer 8 to start slower than expected.[17] Fix KB969897 to resolve this problem was issued by Microsoft on June 9, 2009.[18]