Saturday, November 24, 2012

Spybot - Search & Destroy 2.0


Twelve years ago "spyware" wasn't in most people's vocabulary, so early antispyware products like Ad-Aware and Spybot had to work on education. It's not entirely clear which of them had the first full-scale antispyware?even Spybot's creator isn't sure. But Spybot was definitely one of the first. Spybot - Search & Destroy 2.0 is the first update in a long, long time. It's now billed as a full antivirus that promises to destroy "spyware, malware, adware and other malicious software." It does no such thing.

Spybot is free for non-commercial use, though the company solicits donations. The $13.99 Home edition adds scheduled scan and a couple other features, and eliminates the nag screens. For $24.99 you get the Professional edition which, among other things, gets you access to the protected repair environment and the ability to create rescue CDs. The core antivirus protection is the same.

Some earlier editions of the product included the oddly-named TeaTimer module for realtime protection against new malware attacks. The current edition is strictly a cleanup tool.

Spybot's main window includes icons for common tasks like checking for updates, launching a scan, and checking files in quarantine. It even has an icon to donate money to the designers. Checking a box for Advanced User Mode reveals almost a dozen more icons, though not all of them are functional in the free edition.

Easy Installation
I had no trouble installing Spybot on my twelve malware-infested test systems. Avira Antivirus Free 2013, AhnLab V3 Click, and several others had difficulty with installation on a system that will only boot in Safe Mode. V3 Click actually wouldn't install at all. Spybot sailed through that installation just as it did the other eleven.

I frequently encounter problems after a scan due to over-zealous deletion of system files. F-Secure and VIPRE Antivirus 2013 needed tons of tech support work to restore damaged test systems. Spybot didn't do any damage, but that's because it didn't do much of anything.

Dismal Malware Removal
I ran an initial update on each test system. Wow, the Spybot updater is loaded with unnecessary detail, including the precise version of every component file. Once the update completed, I launched a full system scan. Spybot offers to clean up temporary files before starting a scan; I accepted its offer.

My impression of a typical virus scan is that the antivirus looks at each file and checks whether it matches a signature, or a behavior pattern, or a heuristic signature. Judging from its progress display, Spybot instead goes through its list of known malware and checks whether each is present. I noticed some venerable names like Aureate and Virtumonde in the display.

On completion, Spybot displays everything it found. This includes various types of malware, but also includes insecure system settings, tracking cookies, recently-used file lists, and other distractions. It looks like a lot, but in fact on two of my test systems Spybot missed all three of the installed malware samples.

At the end of each scan, a window pops up explaining what to do "if you suspect that Spybot might not have detected some issues that other scanners have detected." It offers to disable third party cookies (for whatever good that would do) or submit files for analysis.

Spybot detected just 32 percent of my current malware samples, knocking Anvi Smart Defender (which got 60 percent) out of last place. It did a terrible job removing the few samples it did find. Fully half of those were still running after Spybot's supposed cleanup. Spybot's overall score of 1.5 points is also a new low.

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/aa9Z1xgpzxc/0,2817,2412372,00.asp

joshua komisarjevsky barney frank barney frank kim richards robert hegyes mary louise parker mary louise parker

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.