Suggestions

There are no posts in this beta area, so I wonder if I can make a suggestion for future SB versions…I have a few but one that sticks out in my head right now is.

There should be some type of process killer in SB, for those programs that are currently running in the background, like huntbar, hotbar…etc. So you don’t have to restart and scan again and still have the same problem for some of those hard to kill spyware progs that embed themselves in the login and still start before SB can.

Just a suggestion, I have lots of thoughts that go through this head of mine, so if your looking for any other user insight feel free to ask, I would be more than happy to help you guys/gals out.

Thank you for the great service.
- gcRez.

Bitman

My fault....I know SpyBot has a process kill in it and I have used it, I should have gone into a bit more detail as to explain that I meant a automatic process kill, if it's known spyware and can't get rid of it...kill it and then get rid of it.

I tell allot of people about SpyBot, and when I ask them how they liked it, I usually get the same response, that it works great but it can't get rid of one program because it's running, the average user really doesn't know squat about their computer, and even less about what to do when you get spy ware.

I’m not making suggestions to step on any ones toes, All of you working on SB have been doing a great job.

- gcRez

P.s. I've gone through SB very thoroughly….lets just say my score was 82

Just a question.....

Have you guys ever considered incorporating a packet sniffer with teatimer?
Monitoring ports for unnecessary traffic could be a useful tool for unknown spyware.

just asking

thank you
-gcRez

since this is a suggestion thread, I will add one here now.

I would love to see the next version have an options in settings to HIDE ICON, TeaTimer icon, thats normally sits in system try.

I presently add key to registry, though would be neat to have it present in next version.

[HKEY_LOCAL_MACHINE\SOFTWARE\PepiMK Software\SpybotSnD]
"TeaTimerHide"=dword:00000001

(I have asked for this recently, but since old forum is dead, thought I would bring it up again.)

would be nice it it loaded quicker :)

its doing a small scan when it starts up. So speed of your rig will make a differance here

Actually, the old forum is alive again and the old posts are available. The URL changed to http://net-integration.us/forums/index.php

Edit: nt all the old posts as some boards are missing.

"PepiMK,"

I know you are probably asleep at this time. Not a problem for me anyway, get some needed rest.

My suggestion, I know this is not the proper place but it is along the same lines as some of the work you are talking about here and even with any or all of the other software you are working on.

I made this suggestion to AntiVir® of H+BEDV Datentechnik GmbH, I think you may know of them. They took about 8 months to implement this. The suggestion was made about a year ago, they started the ßeta testing on it about 8 months ago and I was one of the testers for them. It works GREAT, the download was getting to be in the area of 1Meg and now they are greatly reduced and being on a dialup it has reduced my download time from about 22 min. to about 1.5-2 min.

To save yourselves some bandwidth and maybe create a little bit of a head-ache to figure how to do this. We have the largest part of the 'DetectionRules' installed all we need is any additions. I have not heard of any removals, but; we will allow them if you feel they are needed. When we come to you for the updates send only the additions and then they can be merged alphabetically, shuffled and then dealt to the proper area, how ever you like would be fine with us. Then the only info we would have to download would be a small progy that would do this in background and the download would not have to keep growing (945K and up) each time there is an update. I know this is a programmers KnightMare, would like to do some of this to assist you, but; being only a USER and not a Geekizoid, Nerd, Hacker, etceteras, just a retired Electronics Techy with approx 58 years experience/w Hydraulics, Pneumatics, Electrical, Mechanical training and experience. All I can do is suggest, that is if it is AOK with you?

If you would like some maybe more suggestions on how to do this I have some ideas, but; you probably have better ones than mine.

I await your return,

Moved from RunAlyzer Forum. - tashi

Thank you very much 'Tashi', was not really sure of the proper placement for this.

CU L8R,
LL

Actually, the old forum is alive again and the old posts are available. The URL changed to http://net-integration.us/forums/index.php

Edit: nt all the old posts as some boards are missing.

Hi Rosenfeld.
The url had been changed about a week ago.
I receive the same Board Off-Line message. ;)

Hello all,
I've been using Spybot S&D for quite a while now, and have been very pleased. Thanks to all involved. I would rather my first suggestion about the program have been more monumental, but this is all I've got.

I'm a big fan of an uncluttered desktop, and I'd like to see an option to hide the Tea Timer icon in the system tray. It's a small thing, but hey, it's the only thing I've come up with since I've started using the program.

Cheers to the programmers and developers that have thought of everything else. It's refreshing to see a concise program work so well.

More of these informative messages would be GREAT. Not knowing what questions to ask nor what info I need or would like to know of is a bit of a handyCrap. Thanks to gcRez and the suggestion with Bitman's reply I now have some idea as to how to use this very SPECIAL software a little more efficiently. One of these days POW!! I will suddenly awaken and do better.


Open Spybot S&D 1.4;


Select Advanced Mode, read the warning message if this is your first time.

Select the Tools button on the lower left.

Select Process List in the left pane.

In the right pane, laft click a process to highlight it, then right click it.

Note the 'Kill process' selection in the context menu.

There are lots of such features hidden in Spybot S&D, primarily to protect those who really don't understand how to use them or how dangerous they can be.

Once you've read every help message on every screen and right clicked within or on items in every screen you'll have seen most of what it can do. Then you can start asking questions in the Spybot S&D forum about things it might be nice to add, unfortunately the old thread full of such suggestions was lost with the rest of the old Net-Integration Forum last week.

Maybe a thread for Tips & Tricks/w some hidden tools to make your Progy more useful for us DUMMIES. Slow learners, unenlighened, lightning rods, or just plain stupids.

Thank you for this info,

I think the skinner for spybot which is available for optional download on this site is a great utility. However, if it had a preview area where you could see how color choices would affect the skin before saving it, skinning would become much easier and conflicting colors could be reduced.

Also, I wonder if Team Spybot might have a little area on their site where good spybot skins by users could be made available for all spybot users as optional download.

Lituus.

I plan on opening my own source of info on SpyBot Search and Destroy, as I think this program deserves every bit of support/promotion it can get.

this will be located here:

http://murdo.digitalicedesigns.com

If anyone would like to help with this project, feel free to contact me!

S&D info project:

Tutorials (complete with screenshots / movies?)
F.A.Q's (a locked source of all the more common questions)
Updates / Patches (download database with latest definitions / patches / tweaks)

FIREFOX IS AWESOME! And I need "immunization" for firefox. I haven't used IE for ages! Spyboy needs a firefox update to protect cookies--etc.

felipe

Perhaps you should post it at Spybot-S&D Beta-->suggestions sticky. I agree with you, as more people are starting to use firefox, spybot should include a firefox protection like spywareblaster.

Actually, Firefox lets you delete the unwanted cookies and it will not allow them back in. If you click on 'Tools' + 'Options' and hit the privacy tab, you will want to hit the 'View Cookies' button and click on each one you do not want and select 'remove cookie' (basically anything that says AD), if it says for example... msn.com then you want to keep it. Anything questionable, you would be best to get rid of. Afterwards, Firefox will not allow that specific bug back onto your system. I'm with you, those who are not using Firefox are being maimed.

Edit* make sure that the 'unless I have removed cookies set by site' box checked in your 'Privacy' tab.

Yeah. I could do that. But then I wouldn't need spybot. :D And my donations would go to waste.

Any way a "moderator" can move this thread to the "s/d beta" section?

WHAT!? Of course you would still need S&D. That's just ludacris.

I have loads of ideas, so please get back to me A.S.P. I have about 59-65 ideas to improve Spy-bot. If y0ou don't i will make your program, not very good, because your competor is Micosoft. My ideas come from them, becasue I really don't like them. if you put these ideas to work it will make your program work a lot better.:crowned:

cookie managing extensions for Mozailla Firefox 1.5
http://forums.mozillazine.org/viewtopic.php?t=313059&highlight=

Some badsites are breaking the security system of ff and installing ad.. and other stuff just like we are used to see on IE.

i noticed S&D will hang at update language and detection download operation. but the primary purpose for this message is to mention/suggest a counter some where near the radio buttons for the "ignore products" to save user from having to visually scan the entire list to establish what is checked or perhaps just write in scrolling enable.
hey, thanks for listening and thanks for an outstanding enhancement of my internet experience, using S&D.

feature request from an anonymous user

I love the new perminent deny list but I would think that the ability to manually add new items would be a great feature to have. I come across a lot of new malware fixing customers computers and use your software quite often. But when a piece of malware automatically respawns itself so I cannot delete it I just want to kickban it so it cannot restart. To be able to add it manually to a "forbid list" would be a lifesaver. This could also be added to the startup list view as well, a right click to say "never allow re-enable" for those programs that try and restore themselves back in the startup list. I'm using TrustNoExe right now but it's not being updated any longer and looks like it got sold to a company that's selling it now as exe lockdown. It's come in handy quite a few times but I like spybot and would love to see these features added. Every time I fix a computer with spybot I have the customer donate to the cause. Thanks again guys for the great service.

suggestion from a user called max.

Here's something I'd like to see: an expanded set of command-line options, including the ability to choose what to look for (e.g. usage tracks only, full scan, etc.).

I have a scheduled task on my computer with /autoupdate /autocheck /autofix / autoimmunize

Adding spybot's list to the hosts file is the only extra busywork I have to do after every update (or am I missing anything ?)

I have lots of suggestion, most of your competors all ready use, it will help put Spy bot back in competition with major companies. People send me address where to forward them.

Sages

Hi Sages.

As this topic is for suggestions feel free to post them here in the future. ;)

Your email was received thank you.

How are you doing with your computer problems? :)

A lot of it is based on IE and there is an Opera thing but no firefox. How come?

Hello,

Spybot-S&D does also support other browsers than IE. It can empty the browser´s cache and history and checks for bad cookies, start page and bookmarks. ActiveX isn´t supported by Firefox, so there is no need for protection there.

But you can do the following:
Please go into your Firefox and choose "Tools" from the menubar above.
Then you choose "Options". Now select "Privacy" from the navigation bar on the left.
At the section "Cookies" you have to open the "+" by ticking it.
Please choose "Exeptions".
Now you are able to enter an address of a web site to block it or allow it.
Hope this helps.

Best regards
Sandra
Team Spybot

i have spywareblaster for that

firefox and opera protection like IE has

2 requests:

1. apply updates w/o having to close/reopen spybot
2. create an email list that sends notification when defs are updated.

if either of these are already implemented, please excuse me for not being able to find this infomation. a pointer would be wonderful.

firefox and opera protection like IE has
Cheater87: Most of the Immunize protection within Spybot and that of SpywareBlaster is built into Internet Explorer itself, such as cookie blocking and Restricted Sites, these programs simply fill these lists at the click of an icon.

The SDHelper.dll was created at a time before IE 6, when it didn't have pop-ups and other configuration for third-party cookies built-in. See the first couple paragraphs of the following post for a more complete explanation.
How Spybot-S&D protects against the installation of Spyware/Malware
http://forums.spybot.info/showthread.php?t=281

As I understand it, Firefox has it's own cookie management which would basically make this redundant. And as stated by SpybotSandra in her post to you, ActiveX isn't currently supported by Firefox, so this would only need protection within IE.
http://forums.spybot.info/showthread.php?p=6224#post6224

2 requests:

1. apply updates w/o having to close/reopen spybot
2. create an email list that sends notification when defs are updated.

if either of these are already implemented, please excuse me for not being able to find this infomation. a pointer would be wonderful.
Osc--: Though this isn't exactly what you asked for, it might help.

1. Schedule an autoupdate late at night if you have broadband. See these two posts for how this is done.
http://forums.spybot.info/showthread.php?p=6911#post6911
http://www.safer-networking.org/en/faq/30.html

2. If you skim this list of updates, you'll notice they generally release every week on Friday. This has been true for several months now, so an email list would just be a waste of resources.
http://forums.spybot.info/forumdisplay.php?f=2

Hello,

I have a suggestion for the next version of Spyboy S&D....


Last week I had to fix a computer that was infected with spyware. It was that infected that I could not access the task manager nor could I run another task manager like Merijn's Itty Bitty Process Manager. It was that infected that everything I tried to launch an application(e.g. spybot S&d setup, hijackthis.exe, cwshredder.exe, etc) they would quit straight away with an error message. This would happen to normal to Windows programs as well(e.g. Windows Explorer).

I shut down the computer and pulled out the HDD and put into another machine that had an up to date version of Spybot S&D installed. I first added the root of the other drive(E:) to the Directories setting and run a check for problems scan. Needless to say it didn't find anything....



So my suggestion is the ability to specify the root drive letter for Spybot S&D to search on(including the registry files on that drive) and it would be good if the extra tools e.g. Browser Pages, BHOs, System Startup, etc would use that specified root drive letter to work on.

I didn't get the time to go through all the threads but I'm wondering if someone has asked about the scheduler being capable of securely shredding through the provided templates.

In my case, my computer speeds up by a lot.

e.g. /shredtemps or /shredcustomtemps

Hopefully I made some sense...
--
Thanks. :bigthumb:

I have 3 suggestions.

1. This one is the easiest. My suggestion is the people who put this superb, time-honoured, beautifully crafted piece of software together should feel very, very happy for having succeeded in a good job well done. You are a good model for us all. Thank you so much.

2. I am not suggesting any changes with this one either, but I think it is an important piece of reference. In recent months, it seems as though ewido has become very popular as a heavy-duty Trojan killer. ewido is free if it is used only for scans. It takes lots of memory, so people run nighttime scans with it.

ewido does not replace Spybot, because they serve different purposes. But a few days ago I saw an internet reference to this effect: "Well, if ewido didn't find anything, I really doubt that Spybot will." Okay, so it might be an idea to consider people will be asking questions about the respective "territories" of both, and how they might best be used together. Expect confusion. I'm suggesting that a new Spybot version might include this in its FAQs: "I already have ewido. Do I still need Spybot?"

3. This is the only very tiny change I'd like to see. Maybe it's been done, but it hadn't been when last I looked. I have stayed with (well, reverted to) Spybot 1.4rc2b, because of that little bit of text that gets hidden in 1.4 just when I need to see it. It's in the Tea-Timer's warning about registry changes, if I recall. Works perfectly in 1.4rc2b, but in 1.4 you must say yes or no without seeing what you're doing--you're blind right where you need to see.

I know it was addressed at the time. There is no problem using 1.4rc2b, but I have checked a couple of times and noticed it was not changed. Has it been fixed? I am totally happy with Spybot, and I have been a Spybot-user for a long time--ages--so please don't think I'm complaining. This is intended only as a reminder about a very small detail, whenever such things are dealt with. Thanks again for such an excellent program.

I would like for the new Version to have a more attractive interface.

or if not a more attractive interface a more optional interface.



by that i mean for example if u want to add the scehdule or tea timer or host file well u have to go to advance mode. well these 3 features are used alot why not put it in the standard mode?




also if Spybot-search & destroy has a more attractive interface it could mean more ppl using it:bigthumb:



but the main thing is for those options

anyone?:scratch:

well of course having a better interface isn't as important as having better spyware protection

however, it would be nice to have an easier to use interface

Placing more items in the initial screen simply adds to the confusion for a new user who's seeing the interface for the first time. This is no doubt why they were left out, until the user had time to absorb the most important items such as Check for problems, Recovery, Immunize and Updates.

You'll note that the Immunize button in the left pane goes directly to that function without requiring Advanced Mode. where it is also found. Are you thinking something like a button for these items, some of which are less dangerous then other features in Tools or Settings?

If so, I tend to agree with adding a Hosts file and possibly a Schedule button, though I'm a bit more concerned about enabling TeaTimer, since it's not easily understood without some background.

I also think the 'View Reports' item should have such a button, since we often ask unknowledgeable people to get a full report and thus force them to enter Advanced Mode. a bad idea in my book.

I'd also like to see the 'Expert button' in the Results screen enabled by default, since I believe this is easier to use then requiring someone to enter Advanced Mode to make basic File sets selections.

In either case, once someone has enabled Advanced Mode, they will never see the warning again. I believe this warning should display every time you enter Advanced Mode, reminding users of the danger of some of these Tools and then returning to Default Mode the next time you enter the program. A check box selection in Settings could disable the warning permanently, but would require the person to find it first, indicating they might have a clue.

Two words: Compressed updates
1.3mb per update is getting a little harsh for 56k and similar and spending an hour at a client to fix a machine isn't fun.

Two words: Compressed updates
1.3mb per update is getting a little harsh for 56k and similar and spending an hour at a client to fix a machine isn't fun.

you gotta be kidding me!

forget it, BrainDedd! The spybot updates arent going to get any smaller each time a new update is released. get used to it.

2 requests:

1. apply updates w/o having to close/reopen spybot
2. create an email list that sends notification when defs are updated.

if either of these are already implemented, please excuse me for not being able to find this infomation. a pointer would be wonderful.

I dont think ANY of these features will be implemented. making an email list or email notification is not necessary (as I read somewhere in another thread) and the email client's high spam settings may block the notifications from reaching the email address.

You may want to configure spybot to download updates automatically by checking the option "Download updated include files if available online" from the Settings, Automation, WebUpdate section. that option works similarly to XP's automatic updates feature.

all right. I've found the quote where bitman said about the email notfication feature:

Updates have been released regularly on Friday (late afternoon in Germany) for months now. See the Announcements Forum (http://forums.spybot.info/forumdisplay.php?f=2) for a history.

With this regular schedule, an email notification is un-necessary and a waste of resources (Money).

I hope the next version of Spybot would include Immunization support for Opera 9 web browsers. I just downloaded the final release of Opera 9 browser today and Spybot does NOT offer Immunization for it, even when I checked the "individual profiles" setup option during install of Opera 9. Spybot 1.4 will offer Immunization for Opera 8.5 and earlier but NOT Opera 9.

Opera 9.0 browser installs in a different folder than in previous versions of Opera.

this is a note of a user:

Suggestion-Allow user to designate or exclude folders for search:
The reason this would be helpful is that I have backups on my drive, in a zip format, that do not need to be scanned because they are achival files. Unfortunately, because they can't be excluded it takes forever to run a search and destroy. Other than that it's a great program. Thanks

another note of a user:

Clarity (Font):

When displaying filenames, could you please use a Font that distinguishes between upper-cased "I" and lower-cased "L"? "Tahoma", maybe?

At the moment, the only way to tell them apart is to copy the text to clipboard and paste it into a text program.

I was going through the [Tools > System Startup] list and couldn't understand why SpyBot wasn't detecting the "WINotify" spyware ("AbetterInternet Spyware"). It turned out to be "WLNotify", with a lower-cased "L", not "I".
I almost deleted it manually.

you gotta be kidding me!

forget it, BrainDedd! The spybot updates arent going to get any smaller each time a new update is released. get used to it.

Better yet, BrainDedd, dump your 56k connection and get broadband internet access by either your local cable company or DSL provider so you wont have to worry about your slow, unreliable 56k internet connections.

Maybe can in `Ignore Products` be some information like Example in cookie list HitBox:+ Hitbox (expanded:) - HitBox Cookie
Other suggestion:For skinner 1.1:Create or edit icons and pictures right to the toolbar,support for skinner 1.0 and 1.1.
Fix in TeaTimer (http://forums.spybot.info/showthread.php?t=122).
And SpyBot-Search & Destroy screensaver (for this need time).

get used to it.


Better yet, BrainDedd, dump your 56k connection and get broadband internet access by either your local cable company or DSL provider so you wont have to worry about your slow, unreliable 56k internet connections.

Please let's keep it civil.

Also, not everyone has access to cable/DSL.

Regards. :)

First of all, I just wanted to say thanks to the creators of the great software that Spybot S&D is. Congratulations for doing such a good job !!! :bigthumb:
I :bow: before you.

Secondly I would like to request a little thing that I think would be useful:
In [Tools>>System Startup] it would be nice if you could see the dates the entries were created in your computer:
I suffered a recent spyware infection and it would have been esasier to cleanup my startup if I has been able to see when were the entries created... I wouldn't have had to check every entry, but only the more recent ones, and could have ignored the old ones untroubled.

I don't know if this is possible at all... but think about it, OK?
Keep up the good work !!


Regards,
LeAd DiAg

if it is not to much of a suggestion, a parental control should be included in 1.5:oops:

i got some idears i use a program called AVG anti spyware AKA ewido.

Web site blocker
Adult
Hacking/Proxies
Warez
Guns Warfare
Chating Online
Internet Games
Computer Games
Anime/Henity
Cartoons
Raisiem and Cults and more

Detection Spyware

better registry detecion
Boot Logs
Better memory Detection
BHO Viewer and deleter
LSP Viewer
All Files On Hard Drive
Adware
Spyware
Trojan
Dilar
Grayware
Hoxes
Fake Spyware Remover Programs (etc) Spyware Quake-Spy Felcon
Keyloggers
Drive Bye Downloads
Data Mineing
Tracking Cockeys
Browser Hijackers/BHO
Spyware Registry Keys
Toolbars
Parasites
Malware
Scumware
Active X Infections
Memory
Boot Log
MTF Spyware
Pageing Files Spyware
And more

And search up all thease types of spyware

Boot scan
Better memory Detection in scan
BHO scan
LSP scan
Adware
Spyware
Trojan
Dilar
Grayware
Hoxes
Fake Spyware Remover Programs (etc) Spyware Quake-Spy Felcon
Keyloggers
Drive Bye Downloads
Data Mineing
Tracking Cockeys
Browser Hijackers/BHO
Spyware Registry Keys
Toolbars
Parasites
Malware
Scumware
Active X Infections
Memory
Boot Log
MTF
Pageing Files
And more

Some may get detected but sould have more Inhances scans
Better looking skins When scans and deletes make sure that it deletes them propley cos some time they dont go away and thats my idear

Also try other anti spyware progs and get the spyware figerprints out of it (etc) Ewido Trend Micro and more there my idear.

Please let's keep it civil.

Also, not everyone has access to cable/DSL.

Regards. :)

perhaps my comments were a little outspoken and maybe out of line, tashi. I apologize if I had offended anyone.

I get that not everyone can get cable or DSL internet access but the number of broadband internet users continue to rise while the number of dialup users continue to fall. more and more people are getting faster and more reliable internet connections whether dialup or broadband. it's the sign of the times. heck, my aunts signed up for DSL last month. even my cousins have cable internet (about two times faster than my DSL connection). my brother and I signed up for AT&T Yahoo DSL earlier this year.

I would encourage BrainDedd to find ways to improve his internet connections so he wont "complain" about spybot updates getting too big. sign up with either NetZero or PeoplePC if broadband connections arent available where he lives or if he cant afford broadband access. Netzero & PeoplePC have plenty of dialup numbers and provide very reliable 56k internet connections and are almost as fast as DSL/cable.

anyway, Spybot now is offering smaller updates as noted on the web site so there's NO excuse not to download updates.

also, new computers being manufactured these days no longer include 56K modems. I've recently looked at a brand new HP computer at Staples and I found out it had no dialup modem included.

i got some idears i use a program called AVG anti spyware AKA ewido.


I also use AVG anti-spyware but I use the freeware edition

How about a sticky that only is allowed to be edited by the moderator, and just lists the latest link to the beta versions and updates?

Alternatively, these can be linked on the download page. Not only is it hard to find a beta version, but when using my Spybot settings to download them, there's not much information given (even the latest complete version number isn't listed).

Perhaps I'm missing the post or page where versions and changes are gathered together in one spot. If so, please post the url.

Also for the occassional manual-updater-person a "SELECT ALL UPDATES" button would be awesome!

Don't make us click each checkbox for each update :)

Keep up the good work.
Spybot Team you're the best. :bigthumb:

and once new updates have all been downloaded, that it will add the newest by program hitting the IMMUNIZE button + Add host file.

I do this everytime I update, to add the new stuff should it have updates in this area.

Might even be a good time to restart the client.

So, updates are gotten, clients installs new updates, REimmunizes itself, REadds the host file and then restarts the client with out prompting. Just happens.

NerdsOfTech:

Also for the occassional manual-updater-person a "SELECT ALL UPDATES" button would be awesome!

Don't make us click each checkbox for each update :)
You don't have to check each update!!! See the following thread:
would like....
http://forums.spybot.info/showthread.php?t=13104

What about if teatimer option could be activated/deactivated only by administrative user..., if a "normal" user is able to deactivate teatimer, could it be a little security problem ?!?

Maybe, it could be implement by an option in install step, if admin prefer activate teatimer for all profile ?

Bye & thx for all :)

What about if teatimer option could be activated/deactivated only by administrative user..., if a "normal" user is able to deactivate teatimer, could it be a little security problem ?!?

Maybe, it could be implement by an option in install step, if admin prefer activate teatimer for all profile ?

Bye & thx for all :)

This would be great.But there are times when you NEED to turn teatimer off.
I had a serious problem when teatimer alerts were literally filling up my screen telling me the same attempts at reg changes were being blocked- due to a long term infection that i couldn't clean.The fill rate was about 3 alert boxes per sec! I needed to turn it off just to get functionality from my pc! So, easy you think.WRONG!It is not. A simple right click on the systemtray icon then navigate up the menu to switch the tea-timer off...but wait...the pop up menu from the systemtray resets/disappears as EACH new alert box appears.So the program and me have approx one third of a second to do the following> right click, render the menu, move the mouse over the relevant option, wait till it highlights the option (this step takes ages for some reason??), then click the highlighted option.
NO CHANCE.It must be because teatimer alerts and the blocking/referencing white/black lists takes up the same processes as using the menu in the system tray. The system tray menu becomes practically inoperable whilst the system is under a continual attack.
I hope i have explained well enough, good luck with a fix, thanks for a good product.:bigthumb:

Does spybot protect ITSELF?
I imagine since so many people use it, at some point some clever spyware writer will try and quietly disable it, just like they do with windows firewall.GRRRRRRR!
If not, maybe it should. I know some expensive security progs do this and some don't.I don't know how you would go about it but if you checked things like file locations and exact sizes you could maybe see if something had been tampered with??
Just an idea.

I hope that Spybot will look more streamlined, and better in its detection for spyware. TeaTimer should also improve such that it can be much user friendly. TeaTimer in Spybot 1.4 is a bit complicated to understand and use.

@666666: there are multiple levels of self-protection; from those that detect if the executables have been changed (both simply through the Authenticode certificate, as well as through our own checks); on Windows Vista, we integrate into the Windows Security Center which will warn if Spybot-S&D gets inactive, and a few more.

@darkdestiny, Despise_Spyware, Chaos17: well, the looks... I admit I tend to look more at functionality than at looks ;) The 1.5 GUI won't have a lot of UI changes; but the 2.0 UI will be completely redesigned, and that redesign should start next weel.

@boyscout: new TeaTimer has an option to get disabled in the context menu.

@Reggie Stry: there'll be an extra page on the website for beta overviews :)

**JameS**: getting fingerprints out of other software is a huuuuuge copyright violation.

@unsure: parental control? Hmmm... parts of Spybot-S&D (Settings, Tools) can be protected through a password... that's undocumented though ;)

@LeAd DiAg: when the entries where created cannot be determined from looking at the registry (a registry key has some additional information, registry values do not). But there's the snapshot mechanism - right-click many of the Tools lists, and you can create a snapshot. Every change after that will be highlighted in bold until you make the next snapshot.

Also, for not having to check each entry, RunAlyzer might be a better choice, since it has some better classification mechanism, and will replace the Tools section in 2.0.

@anonymous user: font has actually been changed to Tahoma as wished for :)

@BrainDedd: smaller updates have also been implemented months ago, just didn't reply here yet ;)

@Osc: whether you have to close/reopen depends on the type of updates. Some just need restarts, e.g. for .exe and .dll updates.

Mailing lists have been planed for years, just never have been set up really ;)
As noel-pr7 said though, the fixed day (currently Wednesday, because it gives a better response time in case of problems than Friday) makes it easy.

@wceti: there were interim versions of 1.4, and 1.5 will support additionally attached harddisk from the scratch: it will search all drives for Windows installations, and then will be able to scan files and even the registry of those inactive installations. This works without any changes when booting Windows PE (Bart PE...), or when specifying /allhives when starting Spybot-S&D.

@Osc: Scheduled updates: should be even easier now due to separate SDUpdate.exe

Guess I should try to give answers more in time to show that I actually read this :rolleyes:

Would be nice to add Safari to list of browser of immunize. Thanks and keep up the great work.

Since I've thought about Safari myself, I've created a feature request (http://forums.spybot.info/project.php?issueid=20) for this. Vote there if you want it implemented ;)

I've also added some comments there on why it might take some time, and what kind of information would speed things up ;)

Just to add about the latest 1.5.1.16 and additional file patches and reg-patch for floppy-seek at startup.

The patched & regfile imported system, it still seeks for floppy at startup & update.

& are there more people using SS&D & Spywareblaster ?
Since immunizing using SS&D1.5, spywareblaster takes a much longer time checking the Mozilla/Firefox protections enabled.

I use spywareblaster and notice no changes, but, I use IE!

I also have updated things, and still have floppy seek too

Also, "and additional file patches" isn't really descriptive, could you name all the files you've used (not necessarily now, I reproduced the problem, but in general ;) )?

Also, if the patch doesn't work, please report it in the project tools entry, not in this place for suggestions, so it won't go unnoticed.
I'm going to check that stuff again...

I need to step out, but will be back soon to test this and report for you, in the other thread

Sorry if I wasn't too clear about the patches, I used all of them from http://forums.spybot.info/showthread.php?t=17886

Anyway, PepiMK you updated the regfile, now it works, no more floppy checking !! :bigthumb:

Hello ,

Is there a way now , in v1.5x , to allow Spybot to scan other Drives other than "C" ?

Scott.................:sad:

Scott:

There are no settings within Spybot to scan specific drives and it is not normally necessary. Unlike anti-virus programs and some other anti-spyware programs, Spybot does not do an in-depth scan of every file on the primary drive. For a brief description of how Spybot scans see:
Why is Spybot-S&D so fast?
http://www.safer-networking.org/en/faq/1.html
There is a special scan for Spyware installers (files not installed yet) that can be limited to specific directories (actually it should be limited) which can be located on either internal or external drives. To activate this feature go into Spybot > Mode > Advanced mode > Settings > Directories and add directories. There is more on what this feature scans for here:
Why does Spybot-S&D find so many Spyware installers / how is that Download directories setting used?
http://www.safer-networking.org/en/faq/15.html

I was wondering if you could add an option to scan a file when the resident blocks a registry change.
I'm currently using Spybot S&D 1.4, great program btw, and am not sure whether it already has this.
Thanks

The TeaTimer in 1.5 indeed has some lists that tell it how the monitored registry entries are linked to files, and scans those files if found :)

My only suggestion for this great program would be a pause scan button, while scanning.

This exists in 1.5 :)

You need to go to the settings and check the options to display all buttons though.

heh, thanks for the response. Now that my only suggestion has been resolved, i can only consider spybot s&d to be 99.9% perfect!:laugh:

Thanks for all your hard work on this essential software!

Another suggestion would be aswell as a progress bar, is it possible to also have a percentage count aswell. Now im being a little picky!

And also, when a new version of spybot is available, show a link to the download page in the updater window aswell. You could also include an option to check for beta program updates or even have a direct download link to the files.

And finally, during a scan, show the time remaining of the scan, to give people a rough idea of how long the scan would take.

honda12 last post i agree with.
Addaware was good, why cant spybot tell you the registry being scanned, and memory, and active spyware products in memmory etc, and an estimate scan

-I WANT to see an option to kill running processes, like for real,
-and the ability to remove items on boot, like right lick them and select 'remove on boot',
-and the option to uninstall any program, like those nasty pricks that wont uninstall.
-And the option to lock the entire internet but spybot so spybot can download the latest updates and the spyware/trojans on your pc cant download friends and update themselves and hog internet use before you remove them.

What exactly is an "option to ill running processes, like for real"? Is our method in any way "unreal"?

And Spybot-S&D asks you whether you want to remove items on reboot if you can't reboot them, why confusing the user with another option to do that from the context menu?

What exactly would be "an option to uninstall any program"... if Spybot-S&D doesn't complete remove something, you can always inform our detectives and they will improve detection for that program... or you can even write detection files yourself... but the "option to uninstall any program" is usually called "format c:" ;)

The last one is a good idea to keep in mind though :)

would it be possible to implement a system tray icon for the updater?

-an option to just right click a file and choose 'remove on boot', just permanently delete it, something like GiPo@FileUtilities 2.9 but preferrably GiPo@remove on boot.
Spybot seems to not be great at scanning at startup and removing, what if i dont want it scanning at boot, i just want a file i chose deleted
honestly i dont know., is there a better way, research maybe to how spybot can remove files, or clear them out of memmory to kill the processes and than delete them

-also check to see if a new version of your setup maker for spybot is out, if yes, see if the repair option/modify is supported now

I still don't understand ;)

If it's about files Spybot-S&D detects, it already schedules them for removal during boot. And if it is about any file you want removed, the Erase using Spybot-S&D option in Windows Explorers context menu does the same.

And it already does a lot to "remove them from memory", including killing process handles, unloading file handles, closing library handles etc.. I guess it would be better if you would name something specific instead that is currently not removed through the standard methods ;)

InnoSetup homepage (http://jrsoftware.org/isdl.php) - no update since October I'm afraid. Neither for the Repair/Modif addon (UnInsHs (http://www.han-soft.com/uninshs.php)). The incompatibility is not exactly with the setup engine itself though, but with the ISX download addon, where helpinf updates are not very likely (we have to use an old version of the ISX download addon since newer versions have this problem of scrambled texts during the download on older Windows versions).

Another suggestion would be that when you select multiple items to be 'erased with spybot search and destroy' from the context menu, each item you want to delete, pops up with it's own individual warning.

When multiple items are selected, there should be one pop-up listing all the files set for deletion, instead of loads of pop-ups for each file.

:crowned:

I think the problem with individual warnings is that Windows calls SDDelFile.exe for every single selected file.

A better solution would be to integrate tighter into Explorer (like the file properties scanner - as a DLL loaded by explorer.exe), since that would allow us to see all selected files at once.
But I'm not sure how it would act when you're killing a file that needs Explorer to shut down to be removed - it might lead to it stopping itself from removing the files ;)

Maybe a combination...

How about also enabling the 'erase with spybot search and destroy' to work with deleting folders. :)

And here's another one, When a scheduled scan is in operation, If you move the scanning box you can see the loading bar (same bar as when you start up the program). At the moment, it is hidden behind the scanning box, but is there a way to hide it?

and one more :laugh:

In the recovery window, the picture of the 'first aid kit' has a red cross on it, while the icon in the side bar has a green cross. It would be better if the the 2 icons matched colour.

(now im being really picky!)

All noted :)
Yes, that cross should be green as well (the red cross is a trademarked symbol and the red cross organization doesn't like it used anywere ;) )!

Will think about a way of hiding the loading bar, not sure though if that could make its way into the next version, since I already made a possible RC build today :)

The erase option will surely improve a lot; not specifically for this, but for a bunch of other topics as well (we've got some broader new cleaning concept in planing).

I love the advanced features SpyBot includes, but there were a few things it seemed to lack.

When you scan for problems, it always checks specifically for individual bad programs, which makes not including an explorer extension of right-click scanning understandable, but the ability to specifically target a certain directory or file (possibly by right-clicking) would really be nice. I sometimes feed malware to anti-malware programs to see what has proper detections, and that's hard to do with SpyBot.

The second issue is that SpyBot doesn't give the option to hook Firefox like it does to Internet Explorer. Internet Explorer is a commonly used program, so it is very targeted, and needs protection. However, now Firefox is becoming popular I understand exploits exist for it too, so there needs to be an option to hook Firefox just like with the Internet Explorer tweaks. As far as cookie managment, the current version of Firefox doesn't offer a whole lot of support for it, so some extra setting tweaks couldn't hurt. It has a checkbox to enable cookies or not (blocking them foils most logins), and you can carve out exceptions, but the option to quickly (and temporarily) allow a site to set a cookie, with the option to enable/disable alerts prompting if the user wants to allow a cookie - like TeaTimer does with registry changes - in both Internet Explorer and Firefox would be wonderful.

The third suggestion I have is something I'm unsure about. I can't find anyway to manually edit the host file settings in SpyBot. When you find something constantly phoning home to a certain address, the ability to null-route it with a simple right-click is priceless.

A forth neat right-click treat would be in the browser pages. Supposing a user doesn't want yahoo.com to load every time they mis-type an address, they should have the option to change it to something they do want, like google.com, with a right-click.

Number 5: The above suggestion of using the right-click to delete on a startup is not bad. It can be a real pain to try fixing a problem with SpyBot only to require yet another scan on the next startup, more so if it already knows what the problem is. Other competing products generally have this option, so users will probably be used to it.

Yet a sixth is, an additional option to run the program without the brief scan (mentioned somewhere above) under the advanced settings, and perhaps a parameter to specify one or the other to override the current setting and shortcuts for both in the startup menu. This would be really helpful for those with slow computers who are only (at that time) launching SpyBot for its utilities and do not likely have to worry about something intercepting the process at that time.

And finally, TeaTimer should hook the operating system to prevent its termination. Any malicious process could probably just terminate it when TeaTimer gives trouble (which it most likely will), so it needs to defend itself. Then, to be fair to the user (such as in a case when the user is installing a trusted program that makes many registry changes), there should be an option to disable TeaTimer temporarily.

Now, my picky suggestions involve the startup info page. Some additional right-click options would be nice, such as running (or at least specifically copying to the clip board this alone) the listed uninstall command, or in a case where none is present, an option giving options to find information, like putting relevant details (such as KB884016) into a search engine to minimize mistakes and safe work/effort from the lazy user.

I'm not giving any of these to criticize the program - I already consider it as a top-quality program - but I truly think they'd be nice, and I'd personally make much use out of them. As for the program rating, I give it a 95%, with a subtraction of 20% for the lack of a targeted scan, 10% deducted for its lack of support for Firefox (what we should probably be using), 10% extra credit for its good definitions, 20% for the advanced utilities, and a deduction of 5% for the disappointment I get in a few of the wonderful tools going so far and working so well, but then leaving me without an easy way of fixing something they present (all those right-click options). In short,
100 - 20 - 10 + 30 - 5 = 95% A.

1. For targetting a special file, see Spybot Christmas Presents, Part 2: Separate File Scanner :)

2. For Firefox, there are already great generic protection plugins: NoScript and AdBlock, for example. It's somewhere on our todo list though to write a specific Firefox plugin as well :) I've added this issue (http://forums.spybot.info/project.php?issueid=162) to the bug tracking/feature request system though to allow votes and comments on the topic.

4. The browser page overview already allows you to change entries (see Change button in the toolbar). Do you want that button to be available in the context menu (right click) as well, or have I misunderstood your point?

6. For utilities, I would recommend RunAlyzer as a stand-alone tool. It's going to replace the integrated tools section in Spybot-S&D 2.0 :) RunAlyzer takes a lot of time to start up as well, that's true, because of it's integration check. Requests for specific combinations to be added to the startup selection are welcome.

7. The option to temporarily disable already exists, and the 2.0 TeaTimer is already concepted as a system service and with some other plans to make it more persistent :)

X. In RunAlyzer, you can already copy entries to the clipboard. I've added this feature request (http://forums.spybot.info/project.php?issueid=163) for direct browser links though.

Sorry that I skipped some entries, just used a short break in working on the new TeaTimer which I need to get back to now ;)

Separate Secure Shredder suggestion:

Followup on a gripe by Sliztzan (http://forums.spybot.info/member.php?u=33974) in the following thread:
Context menu entry
http://forums.spybot.info/showthread.php?t=22553
Please consider adding a feature to the Spybot > Mode > Advance mode > Tools > Secure Shredder facility that would allow the addition or removal of the standalone context menu driven "Separate Secure Shredder" after the installation of Spybot.

When working on firefox support, please simultaneously add support for flock.

It is based directly on firefox. It almost seems like a permanent plugin and skin since its still firefox underneath, but it has changed paths so plugins with hard coded path information, and Spybot, don't look in the right spot for various information. And immunization thus probably is not doing anything either.

I am assuming from the previous post that when you say firefox is supported, you don't directly control it as you do IE (I see the link in tea timer), and that when hooked it will be done as a plugin (per previous poster)? I am already running adblock plus with additional subscriptions. But I am getting some that they missed via your HOSTNAME blocks (I see the image not available tag from the browser).

Instead of hook, your current support is scanning the directory's and registry correct? which is better than nothing, but I don't know if I've been had since its not scanning flock's directories.

If you don't hook then what is the protection/immunization doing when it is protecting firefox?

Also until Tea-timer becomes a service, make it easier to restart it. I saw it was not running the other day and could not find how to run it. I looked in the start menu, programs folder, and inside spybot. I think it used to be on the immunization page.

Added two feature requests :) :
Browser support for Flock (http://forums.spybot.info/project.php?do=gotonote&issuenoteid=821) (Spybot-S&D)
Browser support for Flock (http://forums.spybot.info/project.php?do=gotonote&issuenoteid=822) (AlterEgo)

Hi, I would love to see a 'Minimize to Tray' option. i was asking about it here (http://forums.spybot.info/showthread.php?p=184821#post184821) but would love to see it properly put in. Just a tick box that when ticked, if you press the minimize button, it minimizes it to an icon in the 'tray' rather than on my taskbar. Thanks!

i have some suggestion.Could detected cookies be for example orange?or some other weak things.Cause all detections are red and for a second im scared if it is spyware or something like that:-/

another is,rather a question..Is there some new version planned?with some lower memory usage?or better realtime protection in tea timer??

i think,the biggest improvement would be more frequent updates!!:)i mean,dont matter if they will add less detections,but my comp will be sooner protected,dont u think?:)once a week is not too much:-/

If you want more frequent updates, a good idea would be to participate here (http://forums.spybot.info/showthread.php?t=21513); no action involved after installing it, but the more people participate, the less testing is needed on our side :)

First off, I want to give you a hearty "Dankeschoen" for Spybot S&D. It is an amazing program! I always recommend it to my friends and family. Because of your program, I have no spyware! I also make sure to donate money every couple of years.

My question is this: The program always refers to "Internet Explorer" being protected. What about Firefox? That is the browser I use, but I have seen no references to it in Spybot S&D. Today I downloaded 1.5.2 and as soon as I restart my computer it will be installed, so maybe you have Firefox support in it?

Again, thank you for Spybot S&D!:bigthumb:

You're welcome :)

Both immunization and scanning do know Firefox (including the old versions that were still named Firebird), Mozilla/SeaMonkey, various Netscape Navigator versions, Beonex, K-Meleon, Lolifox, Wyzo, Flock, and Opera (Flock and the latest Netscape versions may need the next release).

Internet Explorer additionally has a plugin; for Firefox (and the various compatible Mozilla versions), there's a feature request for a plugin here (http://forums.spybot.info/project.php?issueid=162).

One suggestion would be:

Integrating "ClearType" into Spybot's text. It makes it much more easier to read.

Such things should be handled by the framework (Delphis VCL) actually, but I might take a look at where it could be influenced ;)

Meanwhile, 1.6 beta 1 is currently tested whether we it's fit to be made public... :)

Perhaps a little request :

Ability to play some sound when scan has finished.

Take a look at the Settings page, you can already set up different sounds for a clean vs. an non-clean end of the scan :)

Ah. Now I've got one.

I used to use TeaTimer all the time, lols, however problem is that TeaTimer will take up around 45-50MB of memory when the computer has been idle for, say 45 minutes.

I've checked the Task Manager during the first few minutes after boot up and TT was using around 35MB. It slowly rose after time.

Pepi, I was wondering if you could cut down the memory usage of TeaTimer. I find it quite useful, but even on 512MB of RAM, I don't like the sound of the cooling fan when I'm running TT and Firefox simultaneously. Thanks.

Here's another one:

I recently installed Opera (9.50) and only used it for a day or two (a reason for this is because, as you may know - I LOVE FIREFOX!!! WOOO!!! :FF:) <--- :clown: sorry for caps! Anyway, before using Opera I immunised it with Spybot, but after I un-installed Opera, the Opera immunisation profile was still in Spybot :eek: :fear:

Spybot should be able to detect if a browser is un-installed and if so, delete the immunisation profile :)

More...

You could have a 'Delete browser profile' option in the context menu on the immunisation page, but you would only have this option in advanced mode

@drragostea: before I implement the last TeaTimer feature for 1.6, I'll have another go at monitoring its memory usage.

@honda12: advanced mode sounds very necessary ;)
Still not quite sure there though, detecting "uninstalled" browsers might be tricky, profiles are usually not exactly linked to one specific executable.
The Firefox profile folder is used for Firefox 3 even if Firefox 2 is "installed", for example. Opera can have profiles everywhere, and if I have three different Opera versions installed and remove just one, which profile should I remove?

Maybe a small stand-alone tool for separate download for those people who wonder and come looking for a solution would be better?

The file properties dialog scan as i understand has been made optional by ensuring that it doesn't start until u click on hte s&d tab. But i request you to change the name of the tab to scan with s&d or better put an option to start a files scan on the right click menu itself [context menu i think] like most antivirus prog's.
i.e:
now: Right click on file/folder-> properties->sp.bot s&d to start scan
suggestion:(right click on file/folder->[click]Scan with S&D)

this will also prevent crowding of the file properties dialog with tabs

OK the skin is holding on this release.

but,

1. I'd like to be able to stop that popup box that wants to delete temp files that starts even before you get to S&D. I'd rather have that within the program. Besides I am a dialup user, and do not clean out my temp IE folder as much to save time.

2. This version still opens to the "settings" page of the program. I hope it will be corrected in next update to open back at the main page.

@HOODYE8:
1. There you have luck :)
It's undocumented and unofficial, but should work in beta 2:
Need option to disable temp folder cleaning (http://forums.spybot.info/project.php?issueid=265)
2. Will be looked at as I wrote above somewhere I think ;)

@outspoken: funny thing: usually find the context menu too crowded instead of the properties tab ;)
But in the long term, it'll lead to what you described, because it fit's better into the overall concept :)

??? I don't have this in my registry

Tweaks\DisableTempFolderCleaning


can't the coders just make a setting for this in the final version to stop this annoying thing?

OS: Vista Home Premium SP1

@Hoodye8: well, cleaning the temp folder is able to speed up the scan quite a lot depending on how large it is.
If users would misinterpret this option and disable it, this would mean a lot more support work in finding out why some users scans take so long.

You wrote that you do not clean out your temp IE folder to save time, since you're on dial-up.
That's fine. Because this function does not clean out the Temporary Internet Files folder (aka browser cache), but the regular temp folder used by applications during installation of software to temporary store extracted files, for example. So your browser cache would not be affected at all. But thinking that it was, you would give up the possible speed improvement, being a good example on why options often complicate things more than both sides expect ;)

PS: and no, tweaks have to be created, the do not exist beforehand. I should add a help page about them somewhere, but then, they're inofficial tweaks only ;)

Ah OK, well if it just cleans up the windows temp files than that's another deal, and i don't care about that folder. It may be an idea to have that box say that.

Yeah being on dialUp I only clean out those files once in a while, but I do clean my cookies more often.

I just don't like this vista OS having made so many folders inaccessible now, like the IE temp, history, and cookies.

So thanks for clearing up what files are deleted, I couldn't find that folder in my reg as it was anyway.

:fear:

I got another deal goin here now, I'm not sure just what version of S&D put this tap in the system properties box.

I was checking my C drive properties, and found the properties box was taking a little longer to pop up than it did, or any other properties check was on any other drive.

when it did show, I seen this spy bot tap listed, so I clicked it to see what it was for.

Well hell this thing seemed to just start some sort of system scan, which never did finish, I left it on all last night to see just what it was for, and this morning was stuck, but it took forever just to get to that point.

first thing is it shouldn't just start right up doing this, it should have a box to ask you what you want to do and tell you what it WILL do.

So I'm thinking what ever this tab is for, its probably making my properties box taking longer to show up now.

can tis be removed some how? is it in settings? I don't need this in the system properties box info, I can do this from within the regular program when I wana check for malware or bots.

OS: vista home premium
S&D 1.6 beta 2

It's a bit different from the regular scan, since it's usually targeted for single files only (can do folders and whole drives as well though).

But I agree, this part caused too much trouble. For the next release, I've recently finished the alternative that has been suggested a few times here: SDFiles.exe, which appears in the context menu when you right-click a file (not in the Properties window any more), giving you some more control on when to scan exactly, allows to drag'n'drop more files onto the window to scan, and runs on 64 bit systems as well.

To remove the old one right now, you would have to unregister the DLL. That's probably the commandregsvr32 /u "C:\Program Files\Spybot - Search & Destroy\SDfiles.dll".

Thanks for reminding me about the topic, I wrote a todo for myself to make sure this is automatically removed by the next installer :)

yeah OK, I'll just wait for the next release to re set this thing, I don't use it that much anyway and won't use that tab at all for now. I figure this 1.6 should be about ready for final anyway.

BTW you ever think about the GUI on this program? I mean yeah there are some skins available, but they also seem old like looking graphics wise. Any thought into making the graphics more clear looking, I mean more bright and the colors more vivid?

hi. i have some suggestions to spybot, i can see that i have 11 hostsfile backups in the hostsfile folder, maybe they can be removed by spybot so we dont have to do that manually because the folder is just growing and growing and some people maybe dont know the folder is growing, i mean it is just necessary to have just one backup.

the other one is that maybe the installation wizard can ask if you want to disable the dnsclient to avoid slow browsing speed, maybe someone dont understand why their browsing is a bit slower than before. and it have been great to have a hostsfile server to serve up images or empty images to make the browsing even faster, and to avoid to having to hit the backbutton in the browser several times to get back to where people was, but that happenes only sometimes and mostly when a ad or something is blocked on the site they are visiting, maybe you should link to hostsman wich has a hostsserver.

and maybe the logs should be not only in the advanced mode, but in the standard mode, to be easy for newbies to delete them when they are not needed anymore, to avoid the growing of the logs endlessly

Agreed with Blues about the ever-growing logs and hostfile backups - maybe a section in Settings to 'Remove after' week, month, or quarterly would help housecleaning. Leave it in Advanced, though - it doesn't seem to affect performance and by the time a user actually takes a look at the log dir and hostfile backups, they're not so much a newbie anymore. Possibly another page or note in the .chm as to that.

Some other smallish niggles

a) If not too difficult to make in localizations, personally I'd like to see the 'pullout' info in plaintext if that could be done - somewhere along the way I've lost that ability to show RichEdit material http://forums.spybot.info/showthread.php?t=27344 and I miss the info :sad:

b) Lighter text on the headers!
http://img410.imageshack.us/img410/9821/ssd16headernk1.png

c) Fix the 'persistence' of System Internals "Integrated search for registry inconsistencies" in the statusbar
http://img145.imageshack.us/img145/7259/ssdstatkd8.png
http://img242.imageshack.us/img242/7302/ssdstat2pv0.png

d) It may be just me, but the tiny 'favicons' are ghostly on Immunize and mostly so on Setting-main pages
http://img362.imageshack.us/img362/1903/ssd16iconghostwy6.png

The black header text being less visible may also be 'just me' as that dark brown background is my Windows native for app background :rolleyes: - skins aren't 1-size-fits-all, I've found :hair:

@HOODYE8: yes, we often think about the GUI. The immunization at least has become somewhat nicer with 1.5, and the overall concept is to split things, have more smaller, light (no full color schemes nor full skins like the huge AV UIs) windows instead of everything in one big, but bulky, place. You might also notice an attempt at an unobstrusive placement of our logo in these dialogs (again, not hitting with half the screen used for fancy things, but instead small but easy to recognize hints) in SDFiles.exe (RC 1).
@blues:
1. Good point on backups. We probably should combine all types of backups in 2.0, so that we could put a global "age" for them.

2. If it would be on the wizard, many 2000 users would disable it without knowing what it is about probably. What are the chances that users who actually need this service would blindly disable it, and suddenly have no connection? Rumors on that service are various. Are there any Microsoft recommendations that this file could be safely disabled?

3. See 1., it's probably best to get some combined data storage solution instead of implementing this in various different locations right now.

@ME_2&:

a) a bit late for the 1.6 release, since we've just closed the Release Candidate 1 :-/ But this needs an overhaul for 2.0 anyway, let me take a few thoughts on how it would look best if it doesn't have to be in this context, and maybe it could be brought back into a 1.x update sooner.

b) That's a matter of Windows color schemes; we do not use "static" colors here. In this case, it is the background color for app workspaces combined with the color for highlighted text. Sadly, this background color has no matching foreground/text color, so we combined it with the most likely other color.

c) Fixed, thanks :)
Btw, after 1.6 is out, we plan to immediately move the system internals functionality into a separate file, like we already did with the shredder.

d) that's probably your gray background. The icons are anti-aliased PNGs, which has the advantage that they blend in much nicer in the other places, but the soft edges might make them more "ghostly" when shown on a background color similar to their fading out colors.

Meanwhile, I'm putting the last small touches to the installer of RC 1 :)

i have always disabled the dns client when using hostsfiles without a problem, the only issue i found is if you try to repair the internet connection if you cant browse then you get a message that the dns cache or something like that cant be flushed, but i dont know what that means or if it is important to flush the dns cache. is it necessary to flush the dns cache?

this is from other sites: theeldergeek: As the description above states, it caches Domain Name System (DNS) names for this computer. If disabled, it simply means the system will go upstream to resolve DNS names rather than use the cache.
is this service needed? no. recommended setting: disabled.

Start this service if you receive a 'DNS Resolver Failed To Flush The Cache' message.

from microsoft: The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. if the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

does this means our isps dns servers?

from blackviper: It is also needed if using IPSEC.

from hostsman forum: The DNS Client service is not necessary unless the system is used in a large corporate network that uses Active Directory

from mvps: in most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs in W2000/XP/Vista. Windows 98 and ME are not affected.

When set to Manual you can see that the above "Service" is not needed (after a little browsing) by opening the Services Editor again, scroll down to DNS Client and check the "Status" column. It should be blank, if it was needed it would show "Started" in that column.

The above instructions are intended for a single (home-user) PC. If your machine is part of a "Domain", check with your IT Dept. before applying this work-around. This especially applies to Laptop users who travel or bring their machines home. Make sure to reset the Service (if needed) prior to connecting (reboot required) to your work Domain ...

IPCOP running a DHCP server needs the local PC DNS Client enabled to function

i forgot to say that if i left the dns client running when using spybot hosts mvpshosts and hphosts then everything freezes on my computer, it slows down a bit when using only spybot hostsfile too

OK all is good here so far, installed the RC1 over the beta 2 just now and found the things I had questions about working OK now.

1. the screen now opens at the main S&D program screen

2. my disk properties box now opens fast, like it should with the S&D tab removed. this is good cause it wasn't useful anyhow.

As for the speed of scan, its fine by me, I'm used to "slow" lol, I'm even slower than Bill Slowsky, the turtle lololol at least he has DSL, hell I'm still on dial up , smirks. but it seemed to finish the scan pretty fast.

I only have one other deal, which I guess the ones with DSL or cable don't even notice, but why does the program always re update the data base at a new install? I always update to the latest but when installing over another version it never seems to see it and always re downloads the main base again.

Also I still would like a new GUI, or maybe someone has a new skin that looks more like a modern AV type look with 3d bubble buttons.

anyway good deal, it fixed the few items I wanted.

:fear:

great if spybot would have right click scanning and was able to scan all drives like the dvd drives.

Here's a history on right click scanning :)

Scan single files/folders (http://forums.spybot.info/project.php?issueid=86)
Explorer propery sheet plugin: option during installation (http://forums.spybot.info/project.php?issueid=256)
Speed up single file scan (SDFiles) (http://forums.spybot.info/project.php?issueid=261)

thanks pepimk:)

maybe the full spybot scan also should scan cd/dvd drives for optimal protection.

Lol, what would it scan on a Linux liveCDvD? :)

Seriously .. would another tab in <app>/Settings/Ignore products specifically for *only* checked items make sense? That way casual users need not comb the other tabs or the rather lengthy All products tab for the possibly few checked products ignored. Sometimes a product may be selected to exclude rather than a single detection and it is an eye-crosser to run that checked excluded/ignored product down on the Ignore products page as-is.

In a future version would it be possible to make Spybot default to using the "Run as Administrator" option in Vista like some other programs do, without having to set it manually in the "Right Click" Properties menu?

The reason we did set it as "regular" was that Microsofts Certified for Vista requirements did expect it this way. Since we decided against this certification since it would have limited Spybot-S&D's protection against malware trying to crash it, we're not bound to those requirements, though we of course try to keep the useful majority of them.

One of our directly-after-1.6 steps will be even more separation of modules; the system internals will be a small separate tool, reducing one thing that would require admin rights, and the most important part, the fixing, will most likely also become a separate (well-integrated) file so that we might get to a point where it's no longer required to have the main window need admin rights (and you would e.g. need them only when the fixing part is called).

Another release? I thought after rc 1 it would wait till the final was ready? Well anyway I downloaded it and installed, all is still OK, and I can't see anything changed from rc1 to rc2.So you gona hold up now and release a final and no more RC's?

BTW can't the program hold the last updates? instead of going back and re downloading them again after a install.

And keep that popup box warning about adaware off once you click "ignore".

I have the free version of that just for the heck of it and have never had any conflicts or problems using it with S&D

Am running v1.6 and so far love it. I have it scheduled to update, immunize, and scan at night. If I leave a browser open, it hangs there with the message that open browsers must be closed or immunization may not work. Suggest that you give the user the option to automatically close all open browsers so immunization can complete. The ability to turn this on/off would allow users to choose.

Thanks,
Kenny

You can specify /silent (http://wiki.spybot.info/index.php//silent) (or the "bigger" /taskbarhide (http://wiki.spybot.info/index.php//taskbarhide)) on the command line to skip this warning :)

Seems like I'm facing another problem PepiMK. I'm sure, if this has been mentioned before (if it was it was regarding 1.5.2.20)... It seems to me that TeaTimer (1.6.0.30) is using around 50 CPU (I'm not sure if this is how you say it) when Windows loads my account and uses around 40MB of memory.

I took a look again after one hour after bootup and TeaTimer is still consuming the same amount of resources as it did during bootup.

I'm not sure if this is a problem for others, but it is for me.

50 would be 50% CPU time probably :)

Have you tried the 1.6.1.31 TeaTimer from this thread? Download link is in post #21. Also includes a .reg file to enable a verbose debug mode (http://wiki.spybot.info/index.php/Registry_Tweaks#WriteProcessLog), in which case Resident.log would tell you where exactly it hangs. Would be very helpful if you could test that :)

Thanks PepiMK, I'll consider it when I have the time.

I have suggestions on how we can improve program updates:
I already made a new thread, but i thought i would add it here so no one can miss it.
http://forums.spybot.info/showthread.php?t=32318

I noted that many users also post about not liking the clean temp files feature that spybot asks about upon launch of the program. I think there should be a question in future releases (upon first launch of spybot) that asks the user if they want the temp file clean enabled by default upon launch of spybot. I also think it should say, note: disabling this option will make scans slower then if this option was enabled. Also, i think you should be able to change that option in the settings page as well in case the user changes there mind. :)

What do you think?

I did add a feature request entry for this :)
http://forums.spybot.info/project.php?issueid=278

thanks very much PepiMK :)

You can make a tools as standalone executables.
Like that you can keep more tools open. And if you can, you can add on Spybot-S&D Main Menu the Tools button which shows all availble Tools.
It could make a better look if all icons are changed. Some icons (Skins, Hosts, action buttons and especially Ignore Cookies) have never been changed.
But, there is something that I don't like. In 1.6, when you click on Update, it automatically looks for updates. I want to update manually.

....In 1.6, when you click on Update, it automatically looks for updates. I want to update manually.....

ya same here, when i click update on the left side of the program, it searches automatically. This makes it harder to select beta updates for download, etc. In the older spybot program, when you clicked search for updates, it searched automatically which is fine. But then if you wanted to select other options beforehand such as beta updates, clicking the "update" button on the left side panel would give you options and then you would press search. The right click teatimer option "search for updates" searches automatically, along with the button "search for updates" in the spybot program. Those are fine. But i think "update" found on the left panel of the spybot program should allow again like it did in previous versions, to click beta updates and then be able to click search instead of it searching automatically.

Hope that makes sense!

http://forums.spybot.info/showpost.php?p=199211&postcount=101

I don't know what the framework is, that is required for ClearType... but I'm just hoping it can be implemented.

Can Tahoma be used instead of MS Sans Serif font (I think that this feature has been suggested) ?

dont you think this needs to be updated PepiMK? ;)

http://forums.spybot.info/showthread.php?t=24183

Oh, indeed :oops:
Will do in the next days, at the moment I'm a bit slow, just started to learn to type Dvorak ;)

One more suggestion: Organize scan results somehow like this:

¤ - Adware: 3 entries
¤ - Zango: 2 entries
¤ - Executable File
C:\Program Files\Zango\Zango.exe (3,5 MB)

¤ - Temporary File
C:\00Zango.tmp (67,7 MB)
¤ - Zippy: 1 entry
¤ - Tracking Cookie
Internet Explorer (Administrator, 3rd party,22.12.2004., 05:35:24)

¤ - Trojans: 1 entry
¤ - Psyme: 1 entry
¤ - JavaScript File
C:\Program Files\XYZ\script.js (173 KB)
¤ - Usage Tracks: 3 entries
¤ - Logs: 2 entries
¤ - Text Document
C:\Program Files\log.txt (1,5 MB)

¤ - Log File
¤ C:\00setup.log (7 KB)
¤ - Cookie: 1 entry
¤ - Cookie
Internet Explorer (Administrator, 1st party,04.02.2006.,21:35:24)

¤ - Temporary Files: 2 entries
¤ - TEMP Dir.: 2 entries
¤ - Temp file
C:\WINDOWS\TEMP\log.tmp (1,5 MB)

¤ - Log File
C:\WINDOWS\TEMP\tmp.dat(7 KB)


Found 10 entries. (Instead of Found 10 problems.).

Oh, indeed :oops:
Will do in the next days, at the moment I'm a bit slow, just started to learn to type Dvorak ;)

Thanks, its ok, you do what you can. :) I can understand that you are a very busy person. Thanks for updating it!

why not have a feature that sets a kill bit on vulnerable activex controls until a patch is released by microsoft.

blues:

If I understand your request properly, you can do that within Internet Explorer. In Internet Explorer, click the Tools button, click Manage Add-ons, and then click Enable or Disable Add-ons.

i was also thinking about other activex controls that is on the computers, for example a script on a website that does something with an vulnerable activex control that is on the computer. we can not disable all activex controls on the computer with the internet explorer add-on manager.

When spybot detects or deletes a file, write the file's date created (or date modified) in the log file (and possibly on the screen during the removal stage when the user is prompted) - this would be helpful in determining how long the computer has been compromised. In my case I had a keylogger and wanted to know how long it had been there.

Good idea :)
Added to project tools: Display file dates (possibly more) in log (http://forums.spybot.info/project.php?issueid=292)

One more suggestion: Organize scan results somehow like this:

The whole point of the temporory files thing is that the scan is faster if that folder is clean. Showing them as part of the scan results does not really do any good I'm afraid ;)

dont you think this needs to be updated PepiMK?
The new download link thing will hopefully avoid outdated links in the future, we just have to remember to link there only after new uploads ;)

If that is not OK, then ask for temporary files when you click on Scan button (This is already suggested). And if user answers yes, then scan for temp. files and show results like in an attachment.

Can SDHelper block scripts and some images in IE like Adblock and NoScript in Firefox?

Can you add an option that user can manually add entries as ignored (Spybot-S&D), allowed or denied (TeaTimer & SDHelper)?

And can SDHelper redirect a bad web-site to a page which shows that Spybot has blocked a site which has been visited?

Hello :)
I have some suggestions :)
1) In a further release I think it would be good to entegrate the RootAlyzer into spybot. Of course I think rootalyzer needs some improvments :) For ex: It can't delete some files. And it gives lots of false pozitives. For ex: The crawler toolbar of spyware terminator and all of its files are detected as rootkits.

2) I would really like to see the old eraser module back.

3) I know that some people don't like the Gui but i think it is very good. I wouldn't like it to be changed. But even if you will change it I think it would be nice to keep the old gui and give the users a choice to select the gui to use. I don't know if this possible.Even if it is possible I am sure it would be a hard thing to do.

1. Those aren't false positives in RootAlyzer: RootAyzer shows only suspicious, not identified items ;)
A few are documented, others are on the whitelist, if you know more that shouldn't be shown, please post details in the RootAlyzer forum, and we'll update it :)

2. The "Secure Shredder"? It's still there, just as a separate module. Run SDShred.exe, though the link inside the app hould open it as well.

3. Modularization, see my blog, makes separation necessary.
Don't be afraid of a too-fancy custom GUI though; the 2.0 screenshots on the bugtracker are not up-to-date, but the keep-it-simple of them will be kept.

2. The "Secure Shredder"? It's still there, just as a separate module. Run SDShred.exe, though the link inside the app hould open it as well.



No the eraser :) The one like the unlocker to erase the files that are in use and cannot be deleted:) We have discussed it before with you :) See here:
http://forums.spybot.info/showpost.php?p=209391&postcount=21
http://forums.spybot.info/showpost.php?p=209489&postcount=27

And by the way I will write the safe items to the rootalyzer forum also:bigthumb:

Ah. that one, sorry :)

It's clearly planed to return, with the new concepts supporting it better. SDECon32.dll, the experimental new context menu plugin (in the form of a dll handler to avoid the opening on unknown files) already has the code to list it in the Spybot-S&D file context submenu if the corresponding file exists :)

Please change the way the updater checks for installed updates. Right now it only uses the downloaded.ini, but if it gets corrupted (happened to me) or accidentally deleted, or if you manually install some updates, it will tell you you need to download/install updates you already have to begin with and sometimes it even wants to install files that are older than the installed (TeaTimer). Best solution would be to check the version info of .exe and .dll files and add version info to include files.

Manually installed updates (at least through spybotsd_includes.exe) should update downloaded.ini, but you are right of course; this will probably be covered by this feature request (http://forums.spybot.info/project.php?issueid=249).

Would be nice to see Safari and Google Chrome add to the list for Immunize.

Chrome scanning support has been added in 1.6.1.

Immunization is not possible with Safari and Chrome currently since both seem to offer no interface for that purpose. Well, Chrome has a database for an Internet blacklist, but we haven't how that could bu (mis)used for immunization yet ;)

You can specify /silent (http://wiki.spybot.info/index.php//silent) (or the "bigger" /taskbarhide (http://wiki.spybot.info/index.php//taskbarhide)) on the command line to skip this warning :)

What command line?

Not that I don't know what a command line is, but if one is running automatically, there is no place to put this command line option in.

Please elaborate.

Same issue with the reference to the /silent documentation - the options are present, but no description of how to make use of them.

unsolicited:

You can add the command line parameters to the scheduled task. For example: by adding the following parameters, Spybot should start, update, immunize and close:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoupdate /autoimmunize /autoclose /taskbarhide
For additional information on command line parameters that can be used, see the following:
Are there any command line parameters?
http://www.safer-networking.org/en/faq/30.html

I'm not so familiar with the programming languages, but it would be fun to know how ClearType can be integrated into Spybot, like it uses CT by default if the user's machine has CT enabled.

Thanks alot md usa spybot fan, you're code is what I was looking for, appreciate it. :)

Hi, thanks for this great software, it's good to see how the best stuff is still free (as so often) and that you're sticking to it for so long. I hope this is generating good business for you and that you managed to get in tune with that mystical Girl we've been praying for ;)

I just read on your frontpage people complain about speed, and even I am twiddling my thumbs for the hour it takes to scan. So here my suggestion as a software designer, programmer, and database person:

Your scanning algorithm seems to follow the following nested loop structure:

for(threat in ALL_THREATS) {
for(fingerprint in threat.fingerprint) {
for(fingerprintOnObject in fingerprint.affectedObjects) {
fingerprintOnObject.check();
}
}
}

problem with this is a lot of random access seeking 300000 times the same 100000 objects, hitting the registry 200000 times and >100000 times the same <10000 files. Instead, how about streaming the registry and files through a filter that looks for all fingerprints per file rather than files per fingerprint?

for(object in ALL_THREATENED_OBJECTS) {
for(objectThreatFingerprint in object.threatFingerprint) {
objectThreatFingerprint.check();
}
}

that way you check every object (file, registry key) only once and each time you check for all known threat fingerprints. I think you could get a 10x to 100x speed improvement out of that.

What do you think?

I have one more suggestion about usability. The other day I had a very ugly virtumonde infestation. And eventually it killed my setup to the point where I rebuilt a Windows machine (after > 5 years and 1 hard drive crash). The problem was something was deleting WINDOWS/system32/drivers files (pci.sys was gone). But why did I even restart?

I restarted because I was trying to kill winlogon before killing that sdss (sp?) process. And I did that because I loaded up some new process killer which I had to do for the first time and hit the wrong button then the machine came down never to boot again.

This shows:

- you want to avoid rebooting during clean up as much as you can

- when something bad has happened, any user will be executing unfamiliar
stuff under a state of stress with possibly limited access to information (if the browser has a "helper" that spawn malicious processes, you don't want to run the browser to read the fine-print.)

So, therefore, the more that Spybot S&D is able to kill processes automatically so that it can stop the spawning of malicious processes and insertion of registry keys, the better it is for a successful recovery. That new (?) virtumonde thing can probably teach a lesson into how it could work. You need to

1. kill the system-process (winlogon?) that spawns processes and inserts keys

2. while keeping the machine from shutting down and rebooting

3. do a sanity check on system files required for the next reboot

4. restore those files from a backup previously stashed away (outside of the recovery checkpoint function, which is affected by the same malware.)

and finally

6. Protect Spybot S&D from becoming itself a target for malware (keeping in mind that with increased popularity comes increased exposure.)

Thanks for all you have already done!

6. one small attempt in the current version are the randomly named copies of main executables in the Spybot-S&D folder and that they're marked system & hidden. We have two much stronger concepts at hand for 2.0 though. Not sure if I should mention them here to allew malware creators to counteract before they're even available :D:

As for the other stuff, you're right there of course, but I wonder what you would think about the bootable CD thing (insert a CD, boot from it, clean stuff while your system is inactive and malware can not interact/conflict) compared to your suggestions?

edit: overlooked the post above. actually, there is quite of lot of optimization in avoiding multiple lookups. Most of the commands (http://wiki.spybot.info/index.php/Category:SBI_Commands) and parameters (http://wiki.spybot.info/index.php/Category:Advanced_file_parameters) use pre-created and optimized caches. Whether your suggestion would be a speed improvement or slowdown depends a lot on comparing the number of files to the number of patterns, and modern Windows installations grow quite huge, and has other disadvantages. As for the direction of comparing things, did you see this blog post (http://forums.spybot.info/blog.php?b=34)? I tried to explain a bit about the difference of the two possible approaches and why we feel a hybrid would work best.