Sunday, June 24, 2007

First Looks: Spybot Search and Destroy 1.5 (Beta)

(This post is long...if you just want to go to the official Safer Networking Beta page for Spybot Search and Destroy 1.5, jump here.) --Claus

The Quest begins!

When I was first getting my toes wet in the malware-whoopin fight-club, one of the first tools I became acquainted with was Safer Networking's Spybot Search and Destroy.

The "easy" mode was great for doing a quick scan for malware and cookies removal and it seemed to be quite effective at the task.

The "advanced" mode offered a ton of great tools for tweaking and understanding all the goings-on in my systems.

As malware fighting got more complicated, Spybot seemed up to the task, though I would eventually add quite a number of additional anti-malware applications to my tool-kit for fire-support coverage.

Still, Spybot S&D is one of the very first tools I reach for.

I've been running Spybot S&D 1.4 for over a month now on our Vista laptop with no issues. That doesn't mean it is supposed to be used on it, just that I haven't run into any issues. But no, I don't use their "Tea Timer" utility so that remains "untested" by me on Vista.

New Kitten or Bad Puppy?

A week ago I saw my favorite new-software version site "FileHippo" had a download available for Spybot Search and Destroy 1.5 (Beta).

I went looking around and couldn't find any info to tell me if this was legit or not. Can't be too careful nowadays.

So after some scans and trusting filehippo, I loaded it up and took it for a whirl.

It is just the same...but better. (Though still in Beta.)

Tracking down the Source

I was still a bit unclear on how this version got out of the cage and wanted more information before posting here.

I did some follow-up poking around deep in the Safer Networking forums and came up with these bits:

Back in early December 2006, Team Spybot member PepiMK posted an announcement of the beta versions of some tools for Spybot 1.4: Announcing betas: TeaTimer / Updater / Vista integration.

Testers would be able to download and install these "bits" over an existing Spybot 1.4 installation and get:

Scanning engine

This update cannot be disabled in the download package below; it is not only used if you install TeaTimer, but by the main Spybot-S&D scanner as well. The methods available to detect malware have been more than doubled, including new ways to generically detect malware mutations.

TeaTimer

Aside from the fix of the graphical glitch so many users have been waiting for, there have been some important changes under the hood, which will reduce the number of change dialogs where the user has to decide.

TeaTimer now automatically allows any changes during the installation of other security software which follow the ASCs guideline of code-signing all files, as well as a much improved scan of the files associated with registry changes.

Vista Security Center

The Windows Security Center included with Windows Vista has a dedicated entry for malware protection software.

Microsoft ships Windows Defender with Vista, however, Spybot-S&D can now easily integrate into the Vista Security Center; which will then monitor if Spybot-S&D is up-to-date and whether the permanent protection (TeaTimer) is running or not.

This update will only show on Vista systems, since previous Windows versions do not offer anti malware integration into WSC.

The integration with Vista Security Center is good news indeed.

However, while this was the start...it wasn't the download we were seeing at filehippo.

In June 2007, Spybot announced that "Works with Windows Vista" will be applied to RunAlyzer, FileAlyzer, RegAlyzer and TagsRevisited, and will likely be applied to the 1.5 version of Spybot at final release.

But that still didn't help me directly to find a legit download notice on Safer Networking.

Forum Diving

So I dove into the forums more and hit a great lead: the Spybot Beta thread group!

That finally got me this post: Spybot 1.5 beta bugs and false positives. - Safer Networking Forums where I learned that someone (Neowin) got lucky and found the download on the servers and it "leaked." So it appears that a few weeks ago a non-public beta got off the farm, but it wasn't a "secret" one. Anyway, in that thread Safer Networking posted a direct link to the "full" Spybot S&D 1.5 (beta) package...and it was newer than the "leaked" version.

A bit more supporting documentation in this thread as well: New Interface & Firefox for S&D 1.5? - Safer Networking Forums

The Gold Mine!

Finally I hit the mother-lode for Spybot Search and Destroy 1.5 Beta.

Spybot - Search & Destroy - The homepage of Spybot-S&D Beta!

According to this official page at the time of this post:

  • The current beta version of Spybot-S&D is 1.5.1.12 (June 21st)
  • The "Official" Safer Networking SB S&D 1.5 beta download link is here.
  • You do not need to uninstall version 1.4 to install 1.5, but it is recommended.
  • The download versions on Neowin and filehippo are legit; but may not be as current.
  • All versions of Windows are supported (and Wine!), including Vista and Win95.
  • The interface remains about the same, but work begins in June/July for a new GUI. Wow!
  • IE plugin configuration is updated.
  • Tea-timer interface updated.
  • Radically different Updater window now, also offering optional "beta" updates.
  • Integration with Vista Security Center.
  • UAC support.
  • Scan results now display additional items of consideration. This surprised me but is cool.
  • And a whole shebang more changes, mods, and updates...too numerous to list.

Wow.

Go to the link above to read the full list of items, and to look for newer versions.

Want more Spybot S&D Eye Candy?

Hop on over to this Neowin post: Neowin.net - Spybot - Search and Destroy 1.5 Beta

There they have 10 screenshots available to satisfy your itch.

Claus's Take

I'm really excited to see Safer Networking getting ready to roll out this version. It looks to be a substantial update to a long trusted and honored malware-whooping machine.

I've been running this beta version on my XP and Vista machines now for a while and haven't found anything to prevent me from being comfortable using it on a daily/weekly basis. Your mileage may vary as it remains a Beta beast at this time.

It's also refreshing to see that Safer Networking takes a low-key approach to version numbering. What could have been "Spybot S&D 2007" or "Spybot S&D 2.0" is just simply one more minor tick up to version 1.5.

No, I don't think it will clean a malware-infected system perfectly every time...so you still probably need to keep a malware-whoopin' unit of squad-members at the ready, but based on what I've seen so far, Sergeant Spybot just got a field-promotion.

--Claus
