Spybot - Search & Destroy
Spybot Search & Destroy is a popular spyware and adware removal program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/or RAM for malicious software.
Spybot-S&D was written by the German software engineer Patrick Michael Kolla, and is distributed by Kolla's Irish company Safer Networking Limited. Development began in 2000 when Kolla, still a student, wrote a small program to deal with the Aureate/Radiate and Conducent TimeSink programs, two of the earliest examples of adware.
Licensing
Spybot – Search & Destroy is currently released as freeware. Corporate users are required to purchase a yearly license.
Spybot features
Along with spyware and adware detection and disinfection capabilities, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPs, computer cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. It can also, to some extent, protect a user's privacy by deleting usage tracks like tracking cookies. Spybot-S&D also includes an "Immunize" feature to block the installation of spyware before it occurs, e.g. by modifying the hosts file. Another tool included in Spybot-S&D is a file shredder, for the secure deletion of files. Spybot-S&D is not intended to replace anti-virus programs, but it does detect some common trojans.
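The hosts-file approach mentioned above can be illustrated with a small audit-and-immunize routine. This is an added example, not Spybot's code: the sinkhole address `127.0.0.1`, the function names and the sample file are assumptions, and every hostname is a constructed placeholder.

```python
import ipaddress

# Constructed sample; hostnames are placeholders under the reserved .example TLD.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.tracker.example www.ads.tracker.example   # sinkholed
0.0.0.0      popups.example
203.0.113.7  update.vendor.example
not-an-ip    broken.example
"""


def parse_hosts(text):
    """Yield (ip, hostname) per mapping; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def audit(text):
    """Return (sinkholed names, {name: address} for names sent to a real address)."""
    first = {}
    for ip, name in parse_hosts(text):
        first.setdefault(name, ip)  # assumption: the first matching line wins
    blocked, redirected = set(), {}
    for name, ip in first.items():
        if name == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            redirected[name] = str(ip)  # worth a manual look: possible hijack
    return blocked, redirected


def immunize(text, blocklist, sink="127.0.0.1"):
    """Append sinkhole lines for blocklist names that are not covered yet.

    Returns (new_text, added, conflicts). A name that already maps to a
    non-loopback address is reported as a conflict instead of being appended,
    because a later line would not override the earlier mapping.
    """
    blocked, redirected = audit(text)
    added, conflicts = [], []
    for name in dict.fromkeys(n.lower().rstrip(".") for n in blocklist):
        if name in redirected:
            conflicts.append(name)
        elif name not in blocked:
            added.append(name)
    body = text if text.endswith("\n") or not text else text + "\n"
    return body + "".join(f"{sink}\t{n}\n" for n in added), added, conflicts
```

Running `immunize` a second time on its own output adds nothing, so the routine can be re-applied after each blocklist update.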
In 2008 Spybot-S&D announced that they could recognize rootkits much better, and also provided a free-standing rootkit finder, RootAlyzer.
The TeaTimer module can be optionally enabled, providing a level of active, real-time protection against unwanted registry changes. This comes in the form of pop-ups which alert the user to registry changes, and ask for approval before allowing the change. Registry changes are mostly (but by no means always) made when programs are installed, uninstalled, or updated; changes when program modification is not known to be happening can be due to hidden installation of malicious software.
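The approve-or-deny handling of registry changes described above can be modelled as a snapshot comparison. This is an added, simplified example and not TeaTimer's implementation: the snapshots are constructed dictionaries rather than live registry reads, and the function names and the `decide` callback are assumptions.

```python
from collections import namedtuple

Change = namedtuple("Change", "kind key name old new")

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed snapshots of one autostart key: {(key path, value name): data}
BASELINE = {
    (RUN_KEY, "SecurityCenter"): r'"C:\Program Files\AV\avtray.exe"',
    (RUN_KEY, "Updater"): r'"C:\Program Files\Vendor\update.exe" /quiet',
}
CURRENT = {
    (RUN_KEY, "SecurityCenter"): r'"C:\Program Files\AV\avtray.exe" /min',
    (RUN_KEY, "Helper"): r"C:\Temp\helper.exe",
}


def diff_snapshots(baseline, current):
    """List every added, modified or removed value, in a stable order."""
    changes = []
    for ident in sorted(set(baseline) | set(current)):
        old, new = baseline.get(ident), current.get(ident)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        changes.append(Change(kind, ident[0], ident[1], old, new))
    return changes


def review(baseline, current, decide):
    """Ask decide(change) -> bool for each change.

    Approved changes are folded into the new baseline; denied changes become
    revert operations (op, key, name, data) that restore the old state.
    """
    new_baseline, reverts = dict(baseline), []
    for ch in diff_snapshots(baseline, current):
        ident = (ch.key, ch.name)
        if decide(ch):
            if ch.new is None:
                del new_baseline[ident]
            else:
                new_baseline[ident] = ch.new
        elif ch.old is None:
            reverts.append(("delete", ch.key, ch.name, None))
        else:
            reverts.append(("set", ch.key, ch.name, ch.old))
    return new_baseline, reverts


def apply_reverts(current, reverts):
    """Apply revert operations to a snapshot; the result should equal the new baseline."""
    state = dict(current)
    for op, key, name, data in reverts:
        if op == "delete":
            state.pop((key, name), None)
        else:
            state[(key, name)] = data
    return state
```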
Some programs ship with attached spyware or adware and refuse to run when they are not present; newer versions of Spybot replace the spyware binaries with inert dummies (designed to fool programs which simply check for the presence of the spyware's file).
In order to detect recently created programs efficiently, detection updates are released weekly with other improvements such as added languages and better heuristic algorithms. These updates are downloaded and installed from within the software from a variety of mirrors.
Spybot-S&D is available for all versions of Windows from Windows 95 and up, and offers more than two dozen different languages and several skins to users. Instructions are available on the website to enable users to design their own skins.
Technical support is currently supplied by means of Internet forums and support e-mails (with a usual response time of no more than 24 hours).
Reviews and awards
In previous years Spybot-S&D has been applauded for its ease of installation, free updates, and excellent features. It won numerous awards, including the World Class 2003 Awards, the PC Magazine Editor's Choice and PC User Top Buy #1. Additionally, Spybot was recommended by ZDNet, the Wall Street Journal, The Guardian, MSNBC, CNN and other reviewers.
Although PC Magazine initially rated it highly in 2003, their rating declined to "poor" in 2008:
- PC Magazine Editors' Ratings (out of 5 possible)
- 2003 4/5 EDITORS' CHOICE AWARD
- v1.2 2004 4/5
- v1.3 2005 3/5
- v1.4 2005 2.5/5
- v1.5 2008 1.5/5
In January 2008, PC Magazine, after giving Spybot Search & Destroy 1.5 a score of just 1.5 out of 5, elected it as one of the worst tech products of the first quarter of 2008 and called its malware cleaning-up skills mediocre.
Versions
Version 1.5 has better compatibility than previous versions with Wine (software which allows running of Windows programs under Linux), and restores compatibility with Windows 95 which was faulty in 1.4.
Version 1.6 is said by Safer Networking to scan several times faster than version 1.5.
Malicious clones
Several people, knowing the program's great legitimacy, have made Spybot 'clones' with similar user interfaces and similar sounding program names. Some clones have been made by spyware manufacturers to make programs that pose as anti-spyware programs, but actually install spyware themselves. These programs are known as rogue antispyware.
Searching the words "spybot", or "search & destroy", "spybot antispyware" or any other related search on a search engine will often result in a paid advertisement for "SpywareBot". This program is a known rogue antispyware program, which fraudulently uses the "search and destroy" logo and a name similar to Spybot to fool users into downloading their product instead of the original Spybot Search & Destroy. A key difference between the real Spybot S&D, and false anti-virus programs is that the real Spybot S&D does not require any payment.
Some malicious sites were subtle variations of the legitimate Spybot S&D URL, such as "Safer-networking.com". The real site is .org, and not .com.
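A download link can be checked against the official domain before it is trusted. The following is an added example, not part of the original article: it assumes the official domain is `safer-networking.org` (the .org site the text refers to), the edit-distance threshold of 2 is an arbitrary choice, and all test URLs other than the article's .com example are constructed.

```python
from urllib.parse import urlsplit

OFFICIAL = "safer-networking.org"  # assumed official domain (the ".org" site)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, official=OFFICIAL):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a URL or bare host."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host == official or host.endswith("." + official):
        return "official"
    # Official name used as decoration: in the userinfo part before "@", or as
    # a prefix inside somebody else's domain.
    if official in parts.netloc.lower():
        return "lookalike"
    name = official.rsplit(".", 1)[0]
    for label in host.split("."):
        if label == name:  # same name under a different TLD
            return "lookalike"
        if label.replace("-", "") == name.replace("-", ""):  # hyphen dropped or added
            return "lookalike"
        if edit_distance(label, name) <= 2:  # small typo
            return "lookalike"
    return "unrelated"


# Constructed inputs, apart from the .com variant quoted in the article.
SAMPLES = [
    "https://www.safer-networking.org/en/download/",
    "Safer-networking.com",
    "http://safer-networking.org@203.0.113.9/setup.exe",
    "https://safer-networking.org.downloads.example/",
    "https://safernetworking.example/",
    "https://safer-netwrking.example/",
    "https://example.org/spybot",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```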
Incompatibility and conflicts
Removal by commercial security products
Several of the largest commercial security products require users to uninstall Spybot when they are being installed or when they run.
Norton Internet Security
The makers of Spybot-S&D came into conflict with Norton Internet Security over compatibility issues in 2006. Symantec recommended uninstalling Spybot-S&D before installing Norton Internet Security. According to Safer Networking, no satisfactory explanation was provided to them for this decision. Antivirus professional Mary Landesman suggests a possible explanation may stem from a graphical glitch in the TeaTimer module's confirmation dialog. An official explanation from Safer Networking stated that the error was caused by a bug in the program used to build their code. The result of the bug was that users had difficulty enabling Norton Internet Security to make necessary changes to critical registry areas, such as allowing itself to launch on computer startup. Aside from this, Mary Landesman, like Safer Networking, concluded that the two programs had no issue with one another. The bug was fixed in the 1.5 release.
Kaspersky Internet Security
Kaspersky Antivirus and Kaspersky Internet Security since version 2009 force users to uninstall Spybot during the installation process, although there is no serious incompatibility yet known. The discussion was concluded in the Kaspersky forum, which said not to install Spybot at all. Kaspersky seems to be reluctant to fix the issue, despite receiving several complaints.
Trend Micro
Trend Micro OfficeScan follows Norton, Kaspersky and McAfee in simply removing Spybot without warning or notification afterwards.
Internet Explorer 8
The immunisation feature of Spybot – Search & Destroy caused Internet Explorer 8 to start slower than expected. Fix KB969897 to resolve this problem was issued by Microsoft on June 9, 2009.
Avira AntiVir
AntiVir tells the user to uninstall Spybot. According to Spybot's developers this is unnecessary and they recommend reinstalling it if you did uninstall it during AntiVir's installation. Spybot's developers have contacted Avira, but Avira refuses to cooperate to resolve the problem.