Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Blaster and/or Spybot S&D ?


  • Please log in to reply
11 replies to this topic

#1 Billermo

Billermo

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 07 September 2009 - 01:52 AM

I've come across some mentions up here and elsewhere that Spybot Search & Destroy is no longer the effective program it once was (though it is still included in the Tutorial on Security). The special feature of the program was its Tea Timer (I'm a bit fuzzy on how Tea Timer works exactly). These days, I believe the program Spyware Blaster has approximately the same type of protection feature (is that correct?) but is more up to date than Spybot's.

So I thought I'd ask here to get some assessments by some who are more familiar with these.

Is it right that SpywareBlaster is the 2009 equivalent of SBS&D? Or is there something better now that's eclipsed both of them? Is the Tea Timer concept even valid in today's environment?

Thanks for giving your 2 cents on this one.

BC AdBot (Login to Remove)

 


#2 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:55 AM

Posted 07 September 2009 - 04:41 AM

I use both programs however I do not use the Tea Timer feature. Spybot immunizes against over 75,000 threats while SpywareBlaster only immunizes against less than 15,000. SpywareBlaster blocks things that Spybot does not and I figure it does no harm to use both programs to immunize against threats.

I do not use Spybot to scan for malware/spyware, instead I use Malwarebytes and SuperAntiSpyware as on demand scanners.

Considering the way I use Spybot, I see no reason not to use it, as well as the other programs.

Edited by Stang777, 07 September 2009 - 04:42 AM.


#3 Billermo

Billermo
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 07 September 2009 - 10:19 AM

Great reply, thanks. I feel smarter after reading that. Particularly about the 75,000 and 15,000 (I presume there must be some overlap between them), and why not use both. By immunizing, it isn't actively monitoring, running in the background, but just blocks those particular threats, right? I still don't understand how it does that if it's not active.

THanks

#4 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:03:55 AM

Posted 07 September 2009 - 11:56 AM

SpywareBlaster sets "killbits" in the registry for ACTIVEX which are known to be malicious. Doesn't have to run. Once it does the job, it's done till the next update.
See
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Spybot is different technology and purpose. Spybot's immunization adds a list of known bad URLs to the list of restricted sites in the IE. So it doesn't have to run either once the list updates. Spybot does other things as well, but I don't know the details, I think it runs as BrowserHelper object in IE.

Spybot's TeaTimer does run all the time watching over the web activities, registry changes etc.

#5 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:09:55 AM

Posted 07 September 2009 - 06:00 PM

And numbers are accumulated depending on installed software and user accounts - so in fact there is no one number of 75000 as Stang777 seems to think. Site of S&D must have official info but they are way lower for sure. Fills up registry all right though. Feature of immunization is build in to Windows/browsers - not a feature of S&D. Would be more useful to focus on relevance than just numbers, what do numbers represent? Higher does not have to be better. One of the most popular malware tools, Malwarebytes, does not really try to build up big database with old entries. Still useful and more updated to take care of latest problems. So possible Spywareblaster is more useful with lower/not blown up numbers.

Edited by Bambo, 07 September 2009 - 06:01 PM.


#6 Billermo

Billermo
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 07 September 2009 - 09:28 PM

OK so now I feel dumber again. It sounds like what Bambo and Tos226 are describing is negative. Reading above, now I wonder whether I should have either of these installed at all.

What do the 2 of you have installed then, as what you see as a good fairly comprehensive set of anti-spyware programs?

I have Spyware Terminator installed, which has caught some problems before they had a chance to happen in the past. Maybe that is the one that's mostly duplicating what Spybot used to be known for in the past.

#7 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:09:55 AM

Posted 07 September 2009 - 09:41 PM

Why not use both S&D and Spywareblaster? I was commenting on putting too much faith in to S&D. Take a look at their forum. May be you find the thread where a rep. from Malwarebytes suggest they disable TeaTimer per default :thumbsup: You must really know tool for correct use. You have already read about this or similar I think but their forum is pretty good actually.

Think most here would recommend Malwarebytes and SuperAntispyware. There are loads to chose from though. Many AV makers would say they are not needed since antispyware is included in their stuff already :flowers: People say many things for various reasons.

I dont really see much need for this immunization so dont know alternatives to what you use now. Not that important, having Teatimer running or not is a bigger issue. Blocklists are passive and no bother.

S&D being old and dust? Depends who you ask http://lifehacker.com/5231837/hive-five-wi...search--destroy :trumpet:

#8 tug

tug

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:02:55 AM

Posted 07 September 2009 - 10:52 PM

I would get both, I have both and there is no conflict at all, just update them every few weeks if you just want them for hosts.

#9 Galadriel

Galadriel

    Bleepin Elf


  • Malware Response Team
  • 2,753 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Missouri, USA
  • Local time:01:55 AM

Posted 08 September 2009 - 01:30 AM

SpywareBlaster sets "killbits" in the registry for ACTIVEX which are known to be malicious. Doesn't have to run. Once it does the job, it's done till the next update.
See
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Spybot is different technology and purpose. Spybot's immunization adds a list of known bad URLs to the list of restricted sites in the IE. So it doesn't have to run either once the list updates. Spybot does other things as well, but I don't know the details, I think it runs as BrowserHelper object in IE.

Spybot's TeaTimer does run all the time watching over the web activities, registry changes etc.


I'm going to confuse the whole issue some more, but hopefully after reading this, everyone will have a better understanding of how the various protection tools in SSD work and how they may differ, or not, from the protection SpywareBlaster offers.

First, it's important to distinguish between Immunize tools and TeaTimer (which is a watch dog, a resident guard). The immunize tools are passive. Once applied, they will do their job, whether Spybot (or SpywareBlaster) runs or not. They use some of Windows native tools and resources to create blocklists. SpywareBlaster has a variety of protection modes, but the most important (and better known) one, is the ActiveX killbit portion of it. After all, that's mostly why it was written. What that does is it adds a pointer in the registry for a specific baddie (identified by a CLSID or Class Identifier - in other words, a unique ID to the particular piece of code) and sets Windows to deny it access to the machine. Stops it in its tracks before it had a chance to take hold. Spybot, has an equivalent (meaning, it does the same thing, in the exact same way) in the Immunize feature. In earlier versions of Spybot, the Immunize feature was just killbits, every other passive protection or tool was in a different area with its own name, now they are all bunched up, which leads to the confusion you see in this thread.

SpywareBlaster also offers a "Restricted Zones" for IE blocklist. Spybot has one of those also. This adds known malicious websites to the Internet Explorer restricted zone, which disables pretty much all access from those websites to the machine (but only for IE! - FF or Opera, or any other browser not using the IE engine, is unaffected by those settings).

SpywareBlaster also has a cookie blocklist. This works in much the same way as the Restricted Zones list, but instead of focusing on websites' access, it prevents any of those domains from dropping cookies on the machine - highly recommended, and very useful to keep ad cookies at bay. Spybot also has this. As you can see, there is substantial overlap in the features. Where they differ, is in the maintenance of the blocklists. AFAIK, the blocklist for SpywareBlaster was usually the leaner one, and the most current. I have not compared them lately, though. Even if there is overlap, that does not mean conflict between the two, as they both use the same Windows resource (namely the registry and the IE security settings).

The SDHelper.dll (Browser Helper Object) in Spybot's resident protection is something else entirely and only acts in trying to intercept 'bad' actions from an open web site. It filters traffic and queries between the browser and the server to snoop on what's going on. This in theory is good, but in practice, it's somewhat ineffective and the benefits are minimal to using it. SpywareBlaster does not have such a feature, it is strictly a passive protection tool. The Spybot BHO is an active one.

There are other tools included in both programs, such as the hosts file in Spybot, the locks you can use in SpywareBlaster and the snapshots feature.

TeaTimer is another active tool, but it is mostly misunderstood and overrated (for most folks). If you cannot tell what the prompts mean, by all means, don't use it. You're only hurting your security, not improving it. If however, you know what the prompts mean, then yes, it CAN be an extremely useful and efficient tool, but it has to be maintained! It will alert you to specific registry changes or attempts to change the registry in certain key areas, such as Run Keys, and other system critical registry settings. A neophyte to the registry should NOT be using this tool. Its effectiveness depends highly on the level of knowledge of the user behind the controls. If you get annoyed everytime a prompt appears asking you for what you want to do, then please, don't use it. And stay away from the "remember this decision" (or its equivalent, I forget how its labeled now) button!!!

Spybot used to be renowned for its effectiveness at dealing with current malware. The Immunize and other protection tools were added later on and were only a 'bonus'. What Spybot is, still today, is a very powerful and versatile toolkit. Its detection rates and removal capabilities have dwindled with time and it certainly hasn't been keeping up with some of the other anti malware programs out there as well as it used to. I can't compare SUPER AntiSpyware to it, because I have not used SAS personally. MBAM (or MalwareBytes Anti-Malware) is a great removal tool though its protection capabilities are limited, unless you buy the full version. The newer version of it, includes an IP Blocklist (paid version only) that acts much like a firewall, but without user control. It uses a blocklist and denies access to any IP recognized as bad. This (I assume, I have not tested myself) only works if the resident portion is running.

As for SpywareTerminator, I can't say I know what they are up to now, but they used to have a shady reputation. Prior to entering the anti spyware market, they were adware distributors. I, for one, would not put my security in the hands of ex-adware distributors. Principle. Of course, I'm not saying they are bad, or rogue, but they used to be, and for me that is enough. There's plenty of other apps that do similar (and probably better) out there that don't have that ex-con tag. So strictly out of the two, Spybot or Spyware Terminator, I'd stick with Spybot, hands down, if only for its track record as a free community app.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat

I'm a Bleeping Folder, are you? - Join BC in the fight against diseases - Click here
Become a BleepingComputer fan: Facebook

#10 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:55 AM

Posted 08 September 2009 - 02:09 AM

Billermo, you are welcome and you are right, it blocks them even though it is not actively running and like you, I am sure there is some overlap between the two programs. Heck, the numbers from Spybot might even be overlapping itself just by the way the things are counted, as in, it could be immunizing the same things twice, just in diffent areas and adding them up that way. I do not know, or even really care, exactly what that number represents, I just do not see any reason not to use it for whatever protection it gives since it does its job after just running it once and updating it every now again. I feel the same about SpywareBlaster too. Btw, I do not see what Tos said as a negative, but rather an explanation of how the programs work.

Galadriel, thank you for such a nicely detailed explanation of the two programs.

Edited by Stang777, 08 September 2009 - 02:29 AM.


#11 Billermo

Billermo
  • Topic Starter

  • Members
  • 110 posts
  • OFFLINE
  •  
  • Local time:02:55 PM

Posted 08 September 2009 - 10:42 PM

THanks for all the info.

I'm a former user of Spybot and current user of Spyware Terminator, and I was oblivious to its history. In my experience, ST has been effective -- not only that but it caught Conficker and blocked it a few weeks ago when I went online at a cafe. My experience with Spybot was that I still got infected with Tea Timer on. Anecdotal evidence, I know. Still, I'd be very interested to see the opinion of someone who gave ST a fair trial and compared its behavior to SBSD's. Actually it seems like a head to head test would be good to see. The same company now also has a firewall out, by the way, which got a very good rating from that one testing facility (can't remember the name, maybe someone here does). Anyway, I don't want this thread to shoot off into that direction. It got higher marks than most, and was nearly as high as Comodo.

You mentioned that there's other programs out there that do the same thing -- I'm only aware of SBSD and ST doing this. Which others?

It seems as if with AS programs, overlap is fine, and one should have just one turned on for monitoring, is that correct? So then its a questoin of figuring out which one gives the best live monitoring, I think. SBSD seems to be a leading candidate, and I have a feeling ST should be as well. I prefer to base it on performance than history. But it's a good point, and to be considered certainly. It looks like I need to read up more on all of what SBSD can do.

It also just occurred to me that these AS's all have these different features and strengths. It'd be interesting to make up a table, with the rows being the different programs, and then the columns are the different features/strengths/tools/etc. -- just to lay it out in an easy to comprehend format, easily see which ones do what, and what's a sensible comprehensive set to have installed. This for people who are curious and trying to get up to speed on this. People like me.

Also, with the shift by AV companies to incorporate AS into their AV's, I wonder if these AS programs are on the road to becoming obsolete. Like if one had Eset Smart Security (as I do), are these AS's just more icing on the cake?

#12 Bambo

Bambo

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Denmark
  • Local time:09:55 AM

Posted 09 September 2009 - 12:20 PM

They should be unnecessary since it means normal AV has evolved beyond advertising "antispyware" :thumbsup: Stuff like Malwarebytes is cool but put old products in a bad light. I dont think they like that.

About Terminator they are not making it easy for them self. Look at bottom of their page. Links to free fun stuff, screensavers etc. on a page about a security product. Or go to Mothership Xactis page http://www.xacti.com/products/software.aspx Just give wrong impression and since past is still in memory Terminator becomes a questionable if not lesser product - some will assume that. On the other hand Ive also seen some paranoid Mozilla people recommend Terminator. Clam AntiVirus gives it credibility I think.

There is already a lot of girls vs. Britney when it comes to security products. Tables wont help, just make it worse. You end up with TopTenreview type of comparison in a flash. Marketing will misuse. If you want hard core facts for Antispyware history, as much as they exist, you need to know market development over years - and accumulated "wisdom" gathered from million of users. Subtract and add a bit here and there. History is final judge :flowers:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users