Saturday, December 15, 2007

Spying on Spybot Search & Destroy Betas + a new SB toy...

It is late Saturday afternoon and I have had my hands full at our modest homestead.

By some freak design of landscaping, architecture, and neighborhood home placement, it seems like all the leaves in our neighborhood are gathered by the wind and deposited in our front-porch doorway entrance.

The winds have been fairly gusty today.  When I went out this afternoon after listening to leaves swirling against the front door all day long, I was met with a very large pile.

I swept them all up and tossed them in our yard-waste trash-bin.

By the time I got back to the front door, more leaves were accumulating.

(Sigh)

Our neighbor's porch area remains free of leaves.

Spybot Search and Destroy 1.5.1.15

A long time ago, Spybot was probably one of only two malware scanners that I trusted.  It ran fast, did a decent job sweeping a system for malware and tracking cookies, and was safe to use.

Nowadays, I've given up reliance on any one or two malware scanners.  While I am usually skilled enough now to clean a system without them, they do still perform well in general cleanups and in scanning for traces or evidence of system compromise by malware.  I still recommend and perform periodic sweeps of my own systems with a multitude of anti-malware scanners: Anti-Malware Tool Roundup - #3.

So earlier this week I was checking my RSS feeds and found mention that a new version of Spybot was released; version 1.5.1.15.

This version offered a number of nice enhancements, including these I have singled out:

  • Fixed HyperThreading issues
  • Improved 64 bit immunization
  • Create Portable.ini in main folder to use app folder as data folder as well
  • New warnings about missing admin rights on Windows Vista
  • Support for multi-line bookmarks (IE 7 / Vista)
  • New Immunization for Firefox & Mozilla
  • Improved Immunization for Opera
  • "Single excludes" now include filenames to be more unique
  • Improved (Vista-compatible) support for fast user switching
  • Vista manifests for assigning required rights to each application
  • Improved disabling/enabling BHOs
  • Fixed update-related crashes on Vista
  • Fixed memory leaks (replaced Indy with Synapse)
  • Vista-compatible MSI installer for those who like/need that
  • Added TeaTimer hide icon (disabled) registry value in installer
  • Improved PE detection all over the place
  • New 64 bit detection all over the place
  • Improved file removal methods
  • Added support for renaming services before stopping/killing/deleting them.

So I fired up Spybot on my system, waited about a minute for it to launch (regular thing) and then checked for updates so I could get and apply this updated version to my current one.  I found DAT file updates and such, but no engine/program update.

Bummer.

So I downloaded the beta version directly and gave it a shot.

It seems to perform just like the previous version...which isn't a complaint.  These are mostly under the hood things.

Spybot Search and Destroy 1.5.1.17 (Beta)

Then, lo and behold, via another RSS site feed link, I stumbled upon an even newer version of Spybot, version 1.5.1.17 Beta.

So I had to download and install this one as well.  What a difference! More on that in a minute.

This is beta software, so it is a bit buggy.  It seemed to have some issues when I tried to set some Windows Security Center settings to "disregard" from scans, but the program didn't crash and no damage was done.

Spybot Search and Destroy 1.5.1.18 (Beta 2)

Then, today, I found this even newer beta version of Spybot: version 1.5.1.18 Beta 2

I haven't been able to find a full feature-list.  I suspect it continues to build and refine the previous changes made and work out bugs.

I did notice two new optional installation items during setup:

  1. Separate Secure Shredder application
  2. Spybot-S&D File Eraser

Turns out the first is a secure file "shredder" to make files unrecoverable.  The second is actually not a "shredder" but a tool that adds a context-menu option to remove persistent files by terminating the process running them, closing associated file handles, etc. and then deleting the file.  Kinda like a rogue-file bouncer for your system.  It's still being refined but is a clever addition to this program.

There is also a forum explanation about the cryptic "Portable.ini" change since version 1.5.1.15.  While you can run Spybot from a portable USB drive just fine, like you always have been able to, this ini file allows the program to save log files to the program folder/USB drive instead of the host machine.  Recovery files made by Spybot will always be kept on the host machine, as that is where they were removed from, and you wouldn't want to take removed malware files from one machine and accidentally "restore" them on another, now would you?

I'm using this version right now and am very pleased with it.  Still a bit buggy, but there is another reason why I am taking the risk...

Spybot's Slow Startup Fixed

I've been using Spybot for so long, I didn't even notice until recently that version 1.5.1.14 takes FOREVER to launch once executed.  On all of my systems it takes about a minute or so to fully open the Spybot main window.  This molasses-thick launch is quite aggravating now that I am noticing it.  And others have as well.

In an informal test I decided to do some side-by-side comparisons in the different versions:

Monitoring version 1.5.1.14 in Process Explorer shows it chews up a BIG chunk of my CPU cycles as it gets going (over 90-95% until it finally loads all the way). Memory usage settles in at 49,000 K. Time to reach a Spybot window load? About one minute.

I next tried running version 1.5.1.15. Again, in Process Explorer this version chewed up 90-95+% of my system CPU cycles getting going and the launch-time for it remains about 45-60 seconds to open and run. Memory usage settles in at 49,000 K.

Finally, I tried running version 1.5.1.18 (beta2). Process Explorer shows it also rockets up to 85-95% of the CPU cycles…but the launch time is about 10 seconds or less. Memory utilization remains about the same, around the 49,000 K mark.  That is simply an amazing performance gain and brings it back to the state of Spybot launching that I was used to!

So, I am going to go ahead and try out the 1.5.1.18 beta 2 version for a while. The startup/launch time of it alone makes it worth my while to use and test with.

Note: I was only monitoring time-to-launch here, not scanning performance…

Spybot Christmas Bonus Gifts

Here are some extra Spybot goodies if you have been a good boy or girl this year....

Spybot-S&D Beta - Safer Networking Forums - Here is the link to the Spybot beta forum. Lots of great posts and information for those who root around under the tree this year.

Spybot - S & D Beta Page - This is the official public beta release version page.  The links to the other versions I mentioned are to legitimate versions; however, Patrick Kolla seems to have a problem with keeping the latest non-public beta version links of his site away from those who live to find them.  So newer versions are often located and published.  He seems to take this in stride...

As Promised, the latest Spybot Toy!

Spybot Christmas Presents, Part 1: Bootable CD - Yep.  A wizard-utility to make your very own SpyBot Win PE 2.0 boot CD loaded with your favorite Spybot tools...  Granted, it is very stripped down. It cannot compare to either BartPE or VistaPE boot-cd builders in the scope of the applications and system GUI that they provide, but it does have a few things going for it.

  1. It will create a bootable CD with very little work on your part,
  2. It will add in Spybot tools: Spybot Search and Destroy, RunAlyzer, and RegAlyzer.

And, as of this moment, the program doesn't auto-locate those applications, except on x64 systems.  And I can't find a way to toggle them in manually.  Patrick says a fixed updated version is coming soon...so check back there often.  And I will post a screen-shot for you of it running in the WinPE environment once I get a version that fully works...

That's about it. But hey, it's a start...

Screenshots mid-way down on this link.

Happy malware hunting, whatever version you like!

--Claus

2 comments:

Anonymous said...

The new 1.5.2 version released the end of January seems to have fixed the load time issues.

Anonymous said...

Hi Guru,

Yes it has. Very sharp launch times now.

Me likey!