Spybot S&D Ineffectiveness |
It appears that others are validating our test results with Spybot S&D. Although we too appreciate the developer's idealism, Spybot has just not performed all that well in our tests. It would really be a lot better if a small team of volunteer developers could keep up with the aggressive spyware companies, but that's just not the way things work.
Your thoughts?
From "Spyware Confidential"
Idealism vs. commercialism
-8/17/04
I used to be a big fan of Spybot. I thought it had just the kind of rough-and-tumble feel that works best against spyware, it includes a bunch of other features, and its developer operates in an altruistic fashion. However, I perform a lot of real-world testing against some very nasty spyware, and I've seen Spybot either miss major spyware or not be able to remove the stuff it does find. Though I appreciate the developer's idealism, I'm not sure it competes well with other developers' commercial interests in keeping spyware definitions well researched and up-to-date.
A spyware-removal tool is only as good as its definition file, and there's something of an arms race among major developers of spyware removers, such as PestPatrol, Spyware Doctor, and Spy Sweeper, to have the most comprehensive and frequently updated definitions. Also, spyware prevention has become very good in the major commercial programs, which monitor new programs you install for spyware. In the end, Spybot's resident protection hasn't seemed effective enough on my test machine.
Dear Ma'ams and Sirs,
A couple of years ago, I was starting to learn about the spyware threat, and got SpyBot S&D and Ad-Aware. The SpyBot scanner caught a few pieces of spyware that the Ad-Aware scanner missed. And I determined that Ad-Aware's interface is a dog.
Therefore, I became a fan of SpyBot.
Earlier this year, I guess the SpyBot programmers started working on a new version -- not a new spyware definition, but an entirely new version of SpyBot. During that time, they completely stopped providing spyware definition updates. There was nothing on their website asking for our patience while they did their work, and for about four months, their old scanner kept reporting, "No New Updates."
I'm sure people performed millions of spyware scans on their computers with SpyBot, unaware that it was not current. I think that was unforgivable.
It was obvious that SpyBot wasn't keeping up, because Ad-Aware was distributing updates every two or three days during those same few months.
In the meantime, Ad-Aware just came out with a totally new program (Ad-Aware SE") to replace your old Ad-Aware scanner. (Uninstall the old, install the new.) They say it scans a little faster. Maybe. I scanned with the old version, then I downloaded the new version, ran another scan, and the new version found one more item that it called "critical."
As usual, I let Ad-Aware delete whatever it deemed necessary.
Ad-Aware SE also reports some non-spyware software -- "negligible risk entries," such as MRU Lists (Most Recently Used files) opened by Word, Media Player, and other applications, and other things that would cause "operator inconvenience" if you were to erase them. These are listed in a separate tab from the critical finds, so there's not much danger of deleting them by mistake, unless you browse around the interface and delete everything that has a checkbox, willy-nilly.
Even if SpyBots scanner isn't as well supported as Ad-Aware's, SpyBot has another function that's worthwhile. They have "TeaTimer," which monitors your registry. If anything tries to change the registry, TeaTimer stops the change, and asks your permission to accept or deny as you see fit.
Since the registry is unfathomable to most of us, it is a favorite target of spyware installations. At least, with SpyBot's TeaTimer, changes to the registry become conscious decisions instead of being performed behind your back, even if you don't exactly understand the function. Getting a TeaTimer alert by complete surprise -- such as while browsing the web -- would be a definite reason to deny the change. Getting a TeaTimer alert while changing your wallpaper would be definite reason to accept the change.
The new SpyBot version also lists a whole bunch of things in your computer that are "negligible risk." In fact, their new version came out before Ad-Aware's SE version, suggesting that Ad-Aware copied SpyBot's idea about including extra bloat in the search-and-report. Personally, I have enough bloat in my life without my anti-spyware software reporting stuff that really isn't spyware.
SpyBot continues to include their "Immunize" function, which is a long list of webpages, URLs, and domains that are dirty with spyware. If you browse, get redirected, or popped-up to one of those webpages, SpyBot will keep the webpage from loading onto your computer -- all you get is an empty browser window. Whatever you were looking for, if it gets blocked, it's your chance to get it elsewhere, less hazardously.
When a webpage is blocked from loading, do not complain about the anti-spyware. Do not insist on opening the webpage by closing the anti-spyware. The proper behavior is to browse elsewhere. The anti-spyware could be saving your personal, electronic identity.
After reading a few forums, I've learned enough to become dangerous. One thing I've learned is that unlike antivirus software that you can't run more than one at a time (such as running Norton and McAfee at the same time), it is possible _and_ it is recommended that you run an assortment of anti-spyware at the same time, each running in the background.
Always running in the background of my computer, Moosofts "The Cleaner" (not free) monitors for spyware communications going-into-or-out-of the computer, and has [almost] daily definition updates. I run SpyBot S&D (free), to watch for registry changes.
My favorite is SpyBlocker (not free). No relation to SpyBot. SpyBlocker monitors for spyware downloads, installation, or communications, and blocks them. After installing SpyBlocker two years ago, only two pieces of spyware got into my computer, according to Ad-Aware, and I think that was "operator error." (Periodic scan with Ad-Aware got rid of it, easily.) With SpyBlocker running in the background and an occasional Ad-Aware scan, you can do a lot of web browsing without paranoia.
Even if I caught a bit of spyware, the SpyBlocker would have blocked it from communicating with its "home base."
The most surprising thing about anti-spyware is when it stops you from seeing a webpage. My biggest surprise was that C-Net, ZDNet, and TechTV are silly with spyware. Sometimes, their entire homepages are blocked from loading. Sometimes, only half of their homepages load. It's a shame that the most user-friendly sources of computer tech info should be so spyware laden (according to my anti-spyware programs). Consistent with my anti-spyware softwares advice, I have taken the opportunity to discover plenty of other sources of less spyware-intensive information, and to learn how to use Google effectively.
I have not run across any reviews of Ad-Awares paid version, which includes a function that runs in the background to protect your computer, maybe similarly to SpyBlocker. But I have no reason to switch.
The free version of Ad-Aware has no function running in the background. It's only a scanner that cleans your hard drive after spyware gets loaded onto it -- thats why it makes such a good combination with SpyBlocker. In my limited experience, Ad-Awares scanner has been a good performer for at least a few years, so my respect for it grows.
However, I still think its user interface is a dog.
Best luck,
-Neil-
Adware Report | Site Map | spyware reviews | Recommended Books...