Spybot Search & Destroy 1.4
PC Magazine Spybot Review
REVIEW DATE: 06.21.05
Spybot Search & Destroy is still free, though the author requests an "absolutely voluntary" donation to support further development. Apparently the support has been sufficient, as this version offers some interesting updates. One unusual feature is its ability to run from a Windows PE (Preinstallation Environment) boot CD and clean the Registry in one or more nonactive Windows installations. More apparent to the average user, it offers faster scanning and more thorough removal of threats. If the scan still seems to drag, try clicking the icon at the top left of the main panel (just below the Help menu) for an "Easter egg" diversion.
Spybot attempts a number of real-time protections against spyware. Its Immunize feature forbids installation of known bad ActiveX controls, and its SDHelper can block access to sites known to install spyware. The TeaTimer module blocks malicious processes from loading in memory and also blocks browser hijacks, HOSTS file changes, and startup changes. Unfortunately, we found this protection more annoying than effective. To start, the window that asks whether to allow or block a change is defective, with only the top edge of the action buttons visible--we had to experiment to learn that the right-hand button means "Block." The source of the change is not identified. And each attempted change brings another pop-up. Worse, the program detects its own reversal of previous changes as a new change requiring confirmation.
You can check a box to have Spybot automatically block a particular change in the future. However, confronting one persistent spyware application, Spybot stacked up over two dozen notifications of repeated automatic blocking, taking up nearly a third of the screen. Even though we opted to block every change reported, Spybot's real-time protection prevented installation of only two threats. We took the massive multiple warnings about three others as a signal to run a full scan, which did remove one of them.
On the other hand, the scanning module's ability to remove spyware threats is significantly better in this version than in its predecessor. It detected all but one of our spyware threats in testing, and removed almost half of those it detected. When a reboot was required for full removal, it loaded before the Windows shell to complete the cleanup. A pane at the right of the list of found spyware displays detailed information about some threats--but we found that for the majority it showed "No information available."
Spybot doesn't provide a link to get additional information online. It does keep statistics on how many times each threat is found and fixed and gives the date of the most recent occurrence. If you find that another program on your system needs a particular item, you can easily restore just that item from Quarantine.
Spybot offers a large number of more technical settings that are only available when you switch to Advanced Mode. In this mode you can select which threat types will be removed, typically to stop checking for "tracking cookies," or set it to ignore specific individual threats. You can also tune the program's behavior, specifying what it should do at startup, whether it should create a restore point when fixing spyware, what information should go into bug reports, and more. You can schedule a full scan using Windows Task Scheduler. Also present in Advanced Mode are some seriously advanced tools including a secure file deleter, categorized lists of installed ActiveX controls and BHOs, and a full-blown startup program manager. The built-in process manager lists all active processes along with the modules loaded by each and any open network connections; it includes the ability to kill any process or export the list for your records. Still, the average user will stick to Default Mode, where these high-level tools are invisible.
Spybot has acquired a loyal following since its release three years ago, but it wasn't keeping up with advances in spyware. This release brings its removal abilities back up to par. We can't recommend its real-time protection, but the "Search & Destroy" scan can serve as a useful backup to your main antispyware program.