Samiksha Jaiswal (Editor)

Spybot – Search and Destroy

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
Safer-Networking Ltd.

License
  
Proprietary

Written in
  
Delphi

Stable release
  
2.4 / July 1, 2014 (2014-07-01)

Operating system
  
Microsoft Windows, Windows Mobile, and Symbian (older versions of Spybot only)

Type
  
Spyware removal software

Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/or RAM for malicious software.

Contents

Spybot-S&D was written by the German software engineer Patrick Michael Kolla, and is distributed by Kolla's Irish company Safer-Networking Limited. Development began in 2000 when Kolla, still a student, wrote a small program to deal with the Aureate/Radiate and Conducent TimeSink programs, two of the earliest examples of adware.

Licensing

Spybot – Search & Destroy is released as freeware for personal users with more featureful versions available for purchase. Corporate and technician users have to buy a commercial version. The paid versions contain an anti-virus component that uses the BitDefender engine.

Spybot features

In addition to spyware and adware detection and disinfection, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPs, HTTP cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. It can also delete tracking cookies. Spybot-S&D has an Immunize function to block the installation of spyware before it occurs e.g. by modifying the hosts file. A secure file deleter is included. Spybot-S&D was not originally intended to replace anti-virus programs (prior to v. 2.1 'Spybot +AV'), but it does detect some common trojans and rootkits. A free-standing rootkit finder, RootAlyzer, is available.

The TeaTimer module is currently removed for a reason not made clear. The TeaTimer module could be optionally enabled, providing some active, real-time protection against unwanted registry changes by alerting the user to registry changes by software, and allowing them only if approved by the user. Legitimate registry changes are mostly (but not always) made when programs are installed, uninstalled, or updated; changes when program modification is not known to be happening can be due to hidden installation of malicious software. If you have another computer (e.g. Windows XP or an older version) that has TeaTimer on it, you can copy it to the new version and it will run.

Some programs are supplied with attached spyware or adware and refuse to run when they are not present; newer versions of Spybot replace the spyware binaries with inert dummies (designed to fool programs which simply check for the presence of the spyware's file).

In order to detect recently created programs efficiently, detection updates are released weekly with other improvements such as added languages and better heuristic algorithms. These updates are downloaded and installed from within the software from a variety of mirrors.

Spybot-S&D is available for all versions of Windows starting with Windows 95. It is supplied translated into many languages and with several skins. Instructions are available on the website to enable users to design their own skins.

Technical support is currently supplied by means of Internet forums and support e-mails (with a usual response time of no more than 24 hours).

Reviews and awards

Versions of Spybot-S&D won awards including the World Class 2003 Awards, the PC Magazine Editor's Choice and PC User Top Buy #1. It has been recommended by ZDNet, the Wall Street Journal, The Guardian, MSNBC, CNN and other reviewers.

Although PC Magazine initially rated it highly in 2003, their rating declined to "poor" in 2008 and "dismal" in 2012, improving to "fair" in 2014:

PC Magazine Editors' Ratings (out of 5 possible)
  • 2003 4/5 EDITORS' CHOICE AWARD
  • v1.2 2004 4/5
  • v1.3 2005 3/5
  • v1.4 2005 2.5/5
  • v1.5 2008 1.5/5
  • v2.0 2012 1/5
  • v2.3 2014 2.5/5 (fair)

    • In January 2008, PC Magazine elected it as one of the worst tech products of the first quarter of 2008 and called its malware cleaning-up skills mediocre.

    Newer versions of the program (ver. 2.2.25 and ver. 2.4), issued in 2014, received a 5/5 rating from TechRadar. Towards the end of 2014, though, TechRadar's rating for version 2.4 has been revised downward to 3/5.

    Versions

    Version 1.5 had better compatibility than previous versions with Wine (software which allows running of Windows programs under Linux), and restores compatibility with Windows 95 which was faulty in 1.4.

    Version 1.6 was said by Safer Networking to scan several times faster than version 1.5.

    Version 2.4 was released in July 2014.

    Malicious lookalikes

    There are several malicious programs designed to look like Spybot-S&D (and other anti-malware software), with similar user interfaces and program file names. Some actually install spyware. These programs are known as rogue antispyware.

    Searching the words "spybot", or "search & destroy", "spybot antispyware" or any other related search on a search engine will often result in a paid advertisement for "SpywareBot". This program is a known rogue antispyware program, which fraudulently uses the "search and destroy" logo and a name similar to Spybot to persuade users into downloading it under the impression that it is Spybot Search & Destroy. This program, unlike Spybot S&D, requires payment.

    Incompatibility and conflicts

    It was reported in 2009 that several commercial security products required users to uninstall Spybot when they are being installed or run, due to stated incompatibility with memory-resident "immunizer" Teatimer.

    Commercial security products

    The makers of Spybot-S&D came into conflict with Norton Internet Security over compatibility issues in 2006. Symantec recommended uninstalling Spybot-S&D before installing Norton Internet Security. According to Safer Networking, no satisfactory explanation was provided to them for this decision. Antivirus professional Mary Landesman suggests a possible explanation may stem from a graphical glitch in TeaTimer module's confirmation dialog. An official explanation from Safer Networking stated that the error was caused by a bug in the program used to build their code. The result of the bug was that users had difficulty enabling Norton Internet Security to make necessary changes to critical registry areas, such as allowing itself to launch on computer startup. Aside from this, Mary Landesman, like Safer Networking, concluded that the two programs had no issue with one another. The bug was fixed in the 1.5 release.

    Kaspersky Anti-Virus and Kaspersky Internet Security since version 2009 force users to uninstall Spybot during the installation process, although there is no serious incompatibility yet known. The discussion was concluded in the Kaspersky forum, which said not to install Spybot at all. Kaspersky seems to be reluctant to fix the issue, despite receiving several complaints. Incompatibility between the products might occur when Spybot S&D tries to modify the hosts-file (if selected by the user during immunization), which Kaspersky will interpret as an attempt to harmfully manipulate the file. This can be circumvented by not immunizing the hosts-file in Spybot S&D.

    Trend Micro Officescan followed Norton, Kaspersky and McAfee in simply removing Spybot without warning or notification afterwards.

    Internet Explorer 8

    The immunisation feature of Spybot – Search & Destroy caused Internet Explorer 8 to start slower than expected. Fix KB969897, which resolved this problem while addressing certain other security vulnerabilities, was issued by Microsoft in 2009.

    References

    Spybot – Search & Destroy Wikipedia
    (Text) CC BY-SA