Spybot Search & Destroy
By Michael Ross
This article was published by ComputorEdge, issue #2823, 2010-06-04, as a feature article, in both their PDF edition (on pages 10-15) and their website.
Most computer users are familiar with the concept of spyware — at least, they understand that it is something that can end up on their computers and cause some sort of harm, similar to viruses. The average computer user arguably has no need to understand the intricacies of spyware, or any other form of malware. But at a minimum, they should be cognizant that it is malicious software that collects personal information, usually with the intent of sending that information to third parties, without the owner's knowledge or consent. If anyone would like to learn the historical, technical, and legal details of spyware, then an excellent place to begin is the Wikipedia entry.
The realm of malware is replete with medical references. You will hear software vendors urge prospective customers to "inoculate" their systems against possible "infection" by the latest "strain" of "computer virus" that happens to be "spreading" across the Internet. Aside from the melodramatic value — which can then become transmuted into monetary value — the analogies are in many ways quite valid, because there are definite parallels between computational and biological viruses, and the means of battling against them. Just as we humans can minimize the risks of ill health through prevention and curing, the same is true of protecting the health of our vulnerable PCs.
In terms of preventive medicine for your body, it is best to employ a multi-pronged strategy involving optimal diet, sleep, exercise, and other factors. Likewise, the best approach for preventing your computer from ever falling prey to malware — including spyware — is by adhering to several best practices: Install a software or hardware firewall that can detect and selectively block incoming traffic (such as attacks from hackers via your broadband connection to the Internet) and outgoing traffic (such as spyware "phoning home" to the miscreants who created it). Avoid dicey websites — especially those that ask you to install anything on your computer just to access tempting goodies, such as videos. Use the latest version of a safe browser (e.g., Firefox) and see if it has add-ons that further enhance your security (e.g., https://addons.mozilla.org/en-US/firefox/browse/type:1/cat:12).
Calling Dr. Spybot
Despite following these and other security precautions, it is quite possible that your computer will get hit with some spyware, at one point or another in the future. That's where the other side of the computer health-maintenance coin comes into play. To cure your PC of what ails it, you can turn to one of several anti-spyware applications available on the market. Some are focused exclusively on battling spyware, while others include it as just one component in an overall security package. The solutions available range from costly to free, and there has been no evidence so far that the former is any better than the latter. In this article we will examine one of the most popular and highly regarded freeware alternatives: Spybot Search & Destroy, developed and offered by Safer Networking Ltd..
Figure 1. Safer Networking homepage (English version)
Spybot is one of five software products made by this firm, and is undoubtedly their most well-known. The good folks at Safer Networking are constantly looking for new types of spyware, and, in response, updating the detection patterns that Spybot uses for catching potential spyware. As with any solid malware protection product, Spybot makes it possible to update the detection patterns without having to download the entire product and reinstall it. We will examine that process in a moment.
Although there are other free spyware programs out there, Safer Networking's track record of frequently updating against the latest threats, is but one reason why Spybot is an excellent choice. Secondly, it looks for over 700,000 detection patterns, and counting. Thirdly, in the numerous head-to-head competitions conducted by computer industry publications such as PCMag.com and PC World, Spybot has garnered top honors. Fourthly, it supports no fewer than 26 browsers "for immunization and restricted access shortcuts". Lastly, installing and running the program is quite easy, which we will take a look at next.
The best way to see what Spybot is capable of, is by trying it out. If you have your hard drive divided into multiple partitions, and at least two of them are bootable, then you have the option of installing Spybot on one partition and yet running it from another — a capability not shared by most security programs. To get started, click on any one of the download links on any of the Spybot Web pages, and save the file (version 1.6.2, at this time) someplace on your PC where you can easily find it. Open the installation file, and follow the on-screen instructions, going from one dialog box to the next, until you have completed the installation process. If you would like to read detailed information for each step of the process, check the tutorial page, which also includes screenshots.
All of the default values should work for the average computer user. But there is one dialog box, titled "Select Additional Tasks", at which you should make some decisions.
Figure 2. Select Additional Tasks dialog box
Naturally, Spybot allows you to scan your entire system for any spyware that managed to make it past your defenses. But the application also offers real-time protection, which can be thought of as the preventive medicine that can reduce the risks of later depending entirely upon the curative phase. In particular, the Immunize feature works within some of the leading browsers (Firefox, Internet Explorer, and Opera) to prevent websites from infecting your browser with what are known as "tracking cookies", which allow unscrupulous online organizations to track your movements on the Internet. The SDHelper is specific to Internet Explorer, because that is the only browser unsafe enough to run ActiveX components on Web pages; this feature can block those attempts. TeaTimer prevents unwanted files from being installed on your system, by constantly monitoring the computer processes that get started, and giving you an opportunity to have Spybot instantly shut down the one being called, at the moment or in the future; you can optionally delete the file that initiated the call. Also, TeaTimer can squash any attempts by programs to modify your Windows Registry or your Hosts file (used by browsers to redirect from one website address to another). On the aforementioned dialog box, you will need to decide whether or not to enable SDHelper and TeaTimer.
During installation, Spybot will attempt to send a packet to a remote server, and then try to connect to safer-networking.org. Both of these are legitimate, and can be safely allowed by your firewall. (You do have a firewall catching these outgoing requests, right?)
Spy vs. Spy
When the installation process is finished, the installer, by default, will begin running Spybot. You can perform preliminary steps such as saving a copy of your Registry, checking for updates (which isn't necessary since you just downloaded it), and immunizing your system. After these steps, you reach the main screen of the interface.
Figure 3. Spybot main screen
Click the "Check for problems" button to have the program begin scanning all of the files and folders on all of your hard drives. You will be asked whether Spybot can delete any temporary files, including those created by any unsaved changes in other applications you might have open at the time. A tip of the day will be displayed, but you have an option to disable that from occurring in the future. Once the scanning starts, you may as well take a break from your computer, because the process can take a fair amount of time — in proportion to the number and size of your files and hard drives. Eventually, the scanning will finish, and Spybot will show you a list of security problems, if any.
Figure 4. Spybot results screen
All detected spyware components are reported, and you are given the option of having Spybot try to fix the infections (usually by deleting the files entirely or do nothing (which is only advised for items that you thoroughly understand, such as having Microsoft Windows Security Center disabled).
To learn more about Spybot, you can read the product overview, tutorial, and FAQ pages on the Safer Networking website, which also has news and articles. OpenSBI is a file format you can use to provide Spybot with custom detection databases; the documentation for this is on their wiki. If you find Spybot helpful, consider donating any amount of money, in one of four major currencies, including US dollars.
As of this writing, the English version of the homepage displays a testimonial by customer "Carol D.", who offers the following post-treatment assessment: "This is a great product. It has helped to improve the performance of my computer. I find I'm not swearing at it as much anymore..." If Spybot does nothing more than reduce the global epidemic of computer-directed cursing, then it will be well worth the time taken to administer the medicine.
Copyright © 2010 Michael J. Ross. All rights reserved.