> > Seeing some people use Spybot Search & Destroy to remove spyware I thought people might be interested in the following review that appeared in PC Magazine and is taken from www.pcmag.com/print_article2/0,1217,a=224597,00.asp. -Steve.
> >
> > Spybot Search & Destroy 1.5
> > REVIEW DATE: 02.15.08
> >
> > BOTTOM LINE:
> > Spybot's skill at cleaning up malware-infested systems is mediocre, and it has almost no ability to protect a clean system. Back in its heyday it was deservedly popular, but that day has long passed. For modern threats you'll need a modern spyware protector.
> >
> > PROS:
> >
> > Advanced mode tools are handy for highly skilled users. Immunization prevents some problems by adjusting browser settings. Boot-time scan manages some locked files.
> >
> > CONS:
> >
> > Poor at real-world spyware removal. Real-time protection interferes with spyware removal and rarely identifies malware. Does almost nothing to prevent malware install on a clean system.
> >
> > COMPANY:
> > Safer Networking Limited
> > SPEC DATA
> > Price: $0.00
> > Type: Personal
> > Free: Yes
> > OS Compatibility: Windows Vista, Windows XP
> >
> > By
> > Neil J. Rubenking
> >
> > Spyware seems so ubiquitous these days that it's hard to remember it wasn't always so. I first wrote about the topic in 2000, and in that same year Patrick Kolla started developing a program to counter the threat. In the early 2000s, Kolla's Spybot was one of the few antispyware utilities available, and it became hugely (and deservedly) popular. Unfortunately, over the years it hasn't kept up with modern malware. I stopped recommending it some years ago. But when we ran our roundup, Nine Ways to Wipe Out Spyware, there was a great outcry at its omission. Apparently, many of you stuck by this elder statesman of spyware long after I gave up on it. I decided that if so many of you still swore by it, I owed it to you to put the latest version of Kolla's app through the same tests as all the rest - either to confirm your opinions or to warn you that Spybot didn't measure up. Accordingly, I ran the current version, Spybot - Search & Destroy 1.5, through my standard testing regimen.
> >
> > The program hasn't visibly changed in years. It's still separated into a main Spybot scanning module and a real-time protection module that goes by the unusual name of TeaTimer. Installation is quick and it leads you through getting the latest updates and running its immunization process, which is supposed to prevent certain unauthorized changes to your system. I was a bit surprised at the date on the latest immunization files: July 25, 2007. That was over six months ago - not a good omen for Spybot.
> >
> > Can It Search and Destroy?
> >
> > I installed Spybot on my usual test systems, each infested with several malware samples such as adware, spyware, Trojan horses, rootkits, and rogue antispyware products. The utility seized up during the fixing process on a couple of systems, forcing me to cold-boot and start over. On one system, the software threw a ton of error messages and then blue-screened, but on reboot the scan worked. While the process was a little rocky, it wasn't any worse overall than what I experienced evaluating Spyware Doctor with AntiVirus 5.5.
> >
> > The cleanup process was rendered extremely tedious by infighting between Spybot's two personalities. To clean up many found threats, the program had to delete the Registry items that caused the threat to launch at start-up. But the real-time protection module reported the Registry change attempt and asked me whether to allow it - every time! Worse, whenever Spybot found an in-use file, it created a Registry entry to delete that file at the next reboot. Here, too, the real-time protection module flagged each change and asked me whether to allow it. Talk about the left hand not knowing what the right hand is doing! On one system I had to answer more than 60 of these pop-up queries. Why can't it just quietly take care of business, like the competition?
> >
> > In order to make sure it had the best opportunity to succeed at malware cleanup, I carefully checked the "Remember this decision" box and clicked "Allow change" every time it asked whether to allow its own Registry changes. But wow, what a waste of time!
> >
> > In a number of cases, because the utility couldn't delete certain files (they were locked by the malware), it asked to reboot and rescan during the boot process so that it could delete those files before other programs loaded. But even with this boot-time advantage, Spybot didn't do a very good job of cleaning up the infested systems. It totally missed about a quarter of the samples and failed to fully remove almost half of those it did detect. Some were visibly still running. Overall, the program scored 6.0 points out of 10. That edges out the latest version of another venerable spyware fighter, Ad-Aware 2007 Pro, which got 5.9 points, but many products score 9 or better on this test.
> >
> > Spyware Doctor with AntiVirus 5.5 scored 9.5, and Panda Internet Security 2008 got a full 10 of 10. In short, if you've got an infested machine, Spybot is not the app I'd recommend for cleaning it out.
> >
> > On a separate test using commercial keyloggers instead of malware, Spybot totally missed half the samples and failed to remove most of those it detected. Several of them were still running and logging keys after Spybot allegedly removed them. The product scored 2.5 out of 10 on this test, beating Panda's score of 2.1. By contrast, Norton Internet Security 2008 wiped out all of the keylogger samples, for a perfect 10 of 10. This test isn't of critical importance, but, still, the results aren't encouraging for Spybot.
> >
> > Can It Keep Me Safe?
> >
> > Many products do a better job of keeping malware out of a clean system than they do of scraping deeply embedded malware from an infested system. That makes sense: Bad guys that are already installed can fight back or hide themselves using rootkit techniques. To test Spybot's protective abilities, I installed it on a clean system and tried to install the same collection of malware samples.
> >
> > Typical modern antispyware programs scan files when any attempt is made to access them - even with the minimal access that occurs when Windows Explorer lists the file in a folder's contents. Spyware Doctor's File Guard module does this, for example. But Spybot doesn't go into action until a program launches, and, rather than blocking known malware, the utility generally displays an ambiguous warning that requires user intervention. For example, it might say that it has "detected an important Registry entry that has been changed." As noted, it displays similar warnings for valid programs - itself among them.
> >
> > On this test, I blocked only those rare actions from programs that Spybot specifically identified as malware, because those are the only cases in which the average user can be reliably counted on to do the same. I'm assuming that the average user will pay enough attention to notice the mention of "malicious software" and block those actions. As for the bland warnings that don't mention malware, users don't have the information to base a decision on. Those who decide to block all such actions will quickly find themselves disabling valid programs or even preventing Spybot itself from functioning as designed, and soon they'll join the "allow everything" crowd.
> >
> > Most antispyware utilities abandoned this simplistic protection style years ago, replacing it with signature-based scanning of all files on access and comprehensive behavioral analysis for unknown files.
> >
> > For over three quarters of the sample installations, the product either took no notice or displayed a bland pop-up with no reference to malware. When the utility did mention malware, I checked off the options to let it always kill the offending process and always delete the file from the disk. Unfortunately, doing so rarely prevented the malware sample from installing at least partially.
> >
> > In one case, Spybot got into a protracted knock-down, drag-out fight with a malware sample trying to install. It accumulated so many small warning windows that they filled over half the screen, and the system became completely unusable, with all resources being devoted to the fight between Spybot and the malware sample. In the end, for keeping malware off of a clean system, Spybot scored a dismal 1.2 of 10, matching the poor performance of SpyEraser 2. Spyware Doctor blocked almost everything, scoring 9.8 of 10 on this test, and Panda swept the field with a perfect 10.
> >
> > It's fortunate for Spybot that I give much less weight to the test in which I try to install commercial keyloggers on a protected system. Even Panda, which doesn't do well with keyloggers, scored 3.6 on this test. Spybot's score: 1 out of 10. Norton aced this one with 10 out of 10.
> >
> > I could go into more detail about the advanced features and report that they seemed to seriously bog down the test systems at times, with events that normally occur too fast to see happening 10 seconds apart. But really, none of this is relevant information. While Spybot - Search & Destroy 1.5 may be free, its malware cleanup skills are mediocre, and it has virtually no ability to prevent installation of harmful software. In its day it was top-of-the-line, but that day is long past.
> >
> > Regards Steve
>
