TODO alt text

Spybot S&D 1.4 review

Proves a community effort can fight the plague of spyware

Jump to Section:

Our Verdict

Inspiring detection and removal capabilities from a free program

For

  • Superbly effective

Against

  • Some affected settings left unchanged

Spybot S&D has been around since the dawn of spyware, and today's version looks virtually identical to the original major release. Yet whatever Spybot S&D lacks in style, it more than makes up for in performance.

It was just over a year ago that Spybot S&D looked like it might not be able to keep up with commercial competitors, but as they've fought among themselves for market share, the Spybot team has obviously been working hard to improve the program.

Spybot's scanner isn't the fastest, but it is a comprehensive workhorse that gets the job done and has the ability to detect and remove more than 66,000 malware-related threats.

We're the first to admit that our test system was badly infected, and that we didn't expect any miracles from a free anti-spyware tool. Imagine our shock when Spybot S&D detected and removed every last pest from our test system, including both keyloggers, the DNS-changing Trojan, the IE browser hijack, remnants of two CWS variants, KillSec, NewDotNet, both rogue anti-spyware/virus programs and more.

The program didn't differentiate between complete threats and remnant thereof: if even part of a threat was detected, it was primed for removal.

We had no trouble removing all detected threats with the initial scan, but a reboot and another scan showed two lingering threats that our second pass killed for good. While Spybot removed our browser hijacker and DNS-changing Trojan, it didn't remove the settings imposed by either, leaving us pointing to a rogue DNS server and a false Google homepage.

It would be nice if Spybot S&D had a facility for detecting and helping users to restore original (or input new) settings in these cases, because it lends itself to a higher possibility of future reinfection.

Digging deeper

Known primarily as a scanning and removal tool, Spybot S&D does offer real-time protection by way of its SDHelper and TeaTimer components. While not quite as slick as some commercial proactive protection tools, this duo will help to block unknown ActiveX controls, guard against rogue processes and monitor for Registry changes in real-time - more than enough protection for the careful user.

Both tools can be enabled during the Spybot installation process, but TeaTimer isn't selected by default. To enable it, switch to Advanced Mode, click Resident and check the TeaTimer check box.

While you're there, check out Spybot S&D's other advanced mode features, such as the ability to schedule scans, use the built-in secure file shredder, lock your IE home page and HOSTS file, and even create reports of Spybot's historical findings. For those who just can't live with the Spybot's default interface, there's even the ability to change its skin.

Perhaps the best news for Spybot S&D users is that they're never alone. You generally can't expect much support from free programs, but Spybot S&D forums are active, vibrant and almost obsessively helpful in helping users solve general spyware and program issues. No, it's not pretty, but who cares if it gets the job done?