Spybot – Search & Destroy
||This article uses bare URLs for citations, which may be threatened by link rot. (July 2014)|
Spybot - Search & Destroy 2.1
|Stable release||2.4 / July 1, 2014|
|Operating system||Microsoft Windows, Windows Mobile, and Symbian (older versions of Spybot only)|
|Type||Spyware removal software|
Spybot-S&D was written by the German software engineer Patrick Michael Kolla, and is distributed by Kolla's Irish company Safer-Networking Limited. Development began in 2000 when Kolla, still a student, wrote a small program to deal with the Aureate/Radiate and Conducent TimeSink programs, two of the earliest examples of adware.
Spybot – Search & Destroy is released as freeware for personal users with more featureful versions available for purchase. Corporate and technician users have to buy a commercial version. The paid for versions contain an anti-virus component that use the BitDefender engine.
In addition to spyware and adware detection and disinfection, Spybot-S&D can repair the registry, winsock LSPs, ActiveX objects, browser hijackers and BHOs, PUPs, computer cookies, trackerware, heavy duty, homepage hijackers, keyloggers, LSP, tracks, trojans, spybots, revision, and other kinds of malware. It can also delete tracking cookies. Spybot-S&D has an Immunize function to block the installation of spyware before it occurs e.g. by modifying the hosts file. A secure file deleter is included. Spybot-S&D was not originally intended to replace anti-virus programs (prior to v. 2.1 'Spybot +AV'), but it does detect some common trojans and rootkits. A free-standing rootkit finder, RootAlyzer, is available.
The TeaTimer module is currently removed for a reason not made clear. The TeaTimer module could be optionally enabled, providing some active, real-time protection against unwanted registry changes by alerting the user to registry changes by software, and allowing them only if approved by the user. Legitimate registry changes are mostly (but not always) made when programs are installed, uninstalled, or updated; changes when program modification is not known to be happening can be due to hidden installation of malicious software. If you have another computer (e.g. Windows XP or an older version) that has Teatimer on it, you can copy it to the new version and it will run.
Some programs are supplied with attached spyware or adware and refuse to run when they are not present; newer versions of Spybot replace the spyware binaries with inert dummies (designed to fool programs which simply check for the presence of the spyware's file).
In order to detect recently created programs efficiently, detection updates are released weekly with other improvements such as added languages and better heuristic algorithms. These updates are downloaded and installed from within the software from a variety of mirrors.
Spybot-S&D is available for all versions of Windows starting with Windows 95. It is supplied translated into many languages and with several skins. Instructions are available on the website to enable users to design their own skins.
Reviews and awards
|This article is outdated. (September 2011)|
Spybot-S&D has won awards including the World Class 2003 Awards, the PC Magazine Editor's Choice and PC User Top Buy #1. It has been recommended by ZDNet, the Wall Street Journal, The Guardian, MSNBC, CNN and other reviewers.
Although PC Magazine initially rated it highly in 2003, their rating declined to "poor" in 2008 and "dismal" in 2012:
- PC Magazine Editors' Ratings (out of 5 possible)
- 2003 4/5 EDITORS' CHOICE AWARD
- v1.2 2004 4/5
- v1.3 2005 3/5
- v1.4 2005 2.5/5
- v1.5 2008 1.5/5
- v2.0 2012 1/5
In January 2008, PC Magazine, after giving Spybot Search & Destroy 1.5 a score of 1.5 out of 5, elected it as one of the worst tech products of the first quarter of 2008 and called its malware cleaning-up skills mediocre.
Version 1.5 had better compatibility than previous versions with Wine (software which allows running of Windows programs under Linux), and restores compatibility with Windows 95 which was faulty in 1.4. Version 1.6 was said by Safer Networking to scan several times faster than version 1.5. As of May 15, 2013, the stable release version was Spybot 2.3.
There are several malicious programs designed to look like Spybot-S&D (and other anti-malware software), with similar user interfaces and program file names. Some actually install spyware. These programs are known as rogue antispyware.
Searching the words "spybot", or "search & destroy", "spybot antispyware" or any other related search on a search engine will often result in a paid advertisement for "SpywareBot".  This program is a known rogue antispyware program, which fraudulently uses the "search and destroy" logo and a name similar to Spybot to persuade users into downloading it under the impression that it is Spybot Search & Destroy. This program, unlike Spybot S&D, requires payment.
Incompatibility and conflicts
Removal by commercial security products
Several commercial security products require users to uninstall Spybot when they are being installed or when they run.
Norton Internet Security
The makers of Spybot-S&D came into conflict with Norton Internet Security over compatibility issues in 2006. Symantec recommended uninstalling Spybot-S&D before installing Norton Internet Security. According to Safer Networking, no satisfactory explanation was provided to them for this decision. Antivirus professional Mary Landesman suggests a possible explanation may stem from a graphical glitch in TeaTimer module's confirmation dialog. An official explanation from Safer Networking[dead link] stated that the error was caused by a bug in the program used to build their code. The result of the bug was that users had difficulty enabling Norton Internet Security to make necessary changes to critical registry areas, such as allowing itself to launch on computer startup. Aside from this, Mary Landesman, like Safer Networking, concluded that the two programs had no issue with one another. The bug was fixed in the 1.5 release.
Kaspersky Internet Security
Kaspersky Anti-Virus and Kaspersky Internet Security since version 2009 force users to uninstall Spybot during the installation process, although there is no serious incompatibility yet known. The discussion was concluded in the Kaspersky forum, which said not to install Spybot at all. Kaspersky seems to be reluctant to fix the issue, despite receiving several complaints.
Incompatibility between the products might occur when Spybot S&D tries to modify the hosts-file (if selected by the user during immunization), which Kaspersky will interpret as an attempt to harmfully manipulate the file. This can be circumvented by not immunizing the hosts-file in Spybot S&D.
Trend Micro Officescan follows Norton, Kaspersky and McAfee in simply removing Spybot without warning or notification afterwards.
Internet Explorer 8
The immunisation feature of Spybot – Search & Destroy caused Internet Explorer 8 to start slower than expected. Fix KB969897, which resolved this problem while addressing certain other security vulnerabilities, was issued by Microsoft in 2009.
- "Compatibility". Safer-Networking.org. Retrieved 2014-01-03.
- "Spybot – Search & Destroy from Safer-Networking Ltd". Safer-Networking.org. Safer-Networking Limited.
- "Welcome to the Safer-Networking Forums". Safer-Networking.org. Safer-Networking Limited. Retrieved 13 June 2008.
- Rubenking, Neil J. "Spybot Search & Destroy 1.5". PC Magazine (Ziff Davis). Archived from the original on 9 July 2013. Retrieved 13 June 2008.
- Jacobson, Vicki B. (14 April 2008). "The Worst Tech Products of Q1 2008". PC Magazine.
- "Welcome to Spybot - Search & Destroy 1.5". Retrieved 13 June 2008.[dead link]
- "Bug fixes since 1.5 (updates files available here!)". Safer-Networking.org. Safer-Networking Limited. Retrieved 2013-11-10.
- Vincentas (18 October 2012). "TheSpyBot.exe in SpyWareLoop.com". Spyware Loop. Retrieved 28 July 2013.
- Spyware Warriors Rogue Antispyware Listing
- "Spybot Search & Destroy competitors are trying to force its removal". Betanews.
- Mary Landesman (October 3, 2006). "Symantec and Spybot: War of the Words". Archived from the original on 9 July 2013. Retrieved 18 September 2007.
- "Small bugs in TeaTimer". June 22, 2005. Retrieved 18 September 2007.
- "Kaspersky 8 (2009)+Spybot? - Safer-Networking Forums". Forums.spybot.info. Safer-Networking Limited. 3 September 2008. Archived from the original on 9 July 2013. Retrieved 28 April 2013.
- "Safer-Networking Forums - View Single Post - Trend Micro Officescan 8.x UNINSTALLS SPYBOT!!!". Forums.spybot.info. 2008-01-17. Retrieved 28 April 2013.
- "Internet Explorer 9 and Internet Explorer 8 take longer than expected to start (KB969938)". Support.microsoft.com. 2012-06-29. Archived from the original on 9 July 2013. Retrieved 28 April 2013.