 |
 Spybot Search and Destroy - part I
by Andrew Cooper
In two of my recent articles I reviewed tools for neutralizing adware and spyware. This time I am eager to test another anti-malware, privacy-preserving solution; a program with the promising name of Spybot Search and Destroy 1.3.
The program comes absolutely free of charge, but the authors ask for a small donation; totally fine with me, they need to make a living just like the rest of us. So if you like their software, show them some support.
Installation
After downloading the installation file (about 4 megs) from the German developer's website, I immediately installed the program, which is supported in English, French, German, Italian and Dutch. The installation went smoothly except for two small questions I had no clue how to answer, so I trusted my intuition and continued. The installed version of the program uses about 10 megs of disk space, an average for a program of its type.
First Run
At the launch, an alert window titled "Legal stuff" opens to warn you of the following: "If you remove advertisement robots with this program, you may not be allowed to continue using their host programs. Read their license agreements for further information".
Then I was asked if I would like to make a backup copy of my Windows registry (a "snapshot" of configuration settings for all Windows applications and the OS itself); I replied no, but went straight to the Windows XP-included data backup utility (found at %SystemRoot%\system32\ntbackup.exe if you're using Windows XP Professional) and manually backed up my "System State" registry with it. I strongly urge you to back up your system at least every two weeks just in case Windows misbehaves, and we all know how often that happens!
The program then invited me to update the files and to this I agreed. As the update bar progressed, I noticed the updater was loading in new detection rules from Spybot's server. Clicking Next, I expected I would finally get the program's main window, but again another dialog window, this time offering to immunize the system.
Knowing very little about the immunization Spybot would perform, I decided to defer this to a later time. Then came another screen informing me that I was about to use the main program, but recommended I read the help file outlining the program's capabilities and the tutorial. I review both, as I think it's beneficial to first understand a program's principles, and then proceed to its basic operations. The following is how the program describes its main features on the intro screen of the help file:
"Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)
Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don't want them to see what you worked on. And for professional users, it allows to fix some registry inconsistencies and extended reports."
The tutorial accompanying the help file is quite clear and easily understandable even for first-time users.
After everything's set and ready, I finally got to see the program itself.
Tools and settings making the program "work your way"
This is how the main window looks: quite compact, neat and interesting:
The window has two panes-Windows Explorer-style. I wanted to immediately scan my hard drives for spyware or bad objects, but decided to check the configuration settings. One reason for me going to the settings menu was to make the program display action prompts before any changes were made. I decided to switch to advanced mode, believing I had enough experience not to modify items I was unsure about.
Under the settings menu, you can configure numerous program options. Clicking on the "file sets" tab, you find the wealth of components Spybot S&D can scan through is indeed impressive:
- Cookies.
- Expensive Dialers (dial-up settings intentionally configured to make your Internet connection extremely expensive. These may be international calls to specific ISPs or ISPs with exorbitant fees).
- Hijackers (Internet browser start page modifiers).
- Key loggers.
- LSP (Layered Service Provider)-windows socket configurations hijacked to be used with malicious spyware.
- Malware.
- Revisions-"stuff removed for revision" is the description (hazy, isn't it?).
- Security.
- Spybots-the underlying concept of the program.
- Trojans.
Spybot can also scan usage tracking (other users' ability to track your interactions on a perceived machine).
Spybot lets its users configure many other options, ranging from directory assignments, skin plug-ins, a built-in scheduler and the advanced "ignore list" to the excellent bug logger.
Spybot S&D tools tab also deserves some praise. It's packed with an abundance of options, and I recommend you take a look at this fiesta! I will briefly run through them for introductory purposes; be my guest to explore them further.
Secure shredder lets you securely erase any file on your HDD.
ActiveX remover gives you an opportunity to remove any installed ActiveX components. Spybot S&D maintains an active database of ActiveX components and is able to distinguish between legitimate and malicious ones. Thumbs up to this extremely functional option!
BHO (Browser Helper Object) removal tool is also outstanding. It offers to get rid of unnecessary "additional" toolbars stuck to your Internet Explorer browser. It helped me remove two BHO objects: new.net and myway.mybar. These were in the Windows Startup registry and I could not get rid of them manually.
Another tool, Processes list is identical to the Windows XP task manager (found at %SystemRoot%\system32\taskmgr.exe), but gives more information on the original locations of the currently run processes.
System startup and Uninstall info are more advanced functions of their Windows counterparts.
The program is also supported in the Windows taskbar, enabling the user to control certain components of Internet Explorer and to track registry changes made by malicious software.
The wealth of tools and settings Spybot offers is certainly intriguing, but let's see how the program manages to justify its "seek and destroy" claims.
Continue to Part II
|
|
