Spybot 1.5 beta bugs and false positives.

XP home SP2, IE 7, WMP 11 All updates.

I downloaded and installed (after complete uninstall of 1.4) Spybot 1.5 beta from Neowin site. Fully updated, including beta.sbi. Teatimer not set to run.

I found the following bugs/false positives.

1. With SDHelper enabled, I cannot open the pages to SuperAntiSpyware, nor its forum:
http://www.superantispyware.com/
http://forums.superantispyware.com/index.php
I just get a blank page, no message.

Unchecking SDhelper in Tools/resident, closing/reopening IE, I can access those sites. So it is definitely SDHelper that is blocking them.

2. In settings, ignore cookies, the cookie for auto login to SuperAntiSpyware forums is shown in red (as if it were a tracking cookie). If I check it to save it, go out of ignore cookies, go back, I get a message

You have excluded tracking cookies from the search. Do you really want to NOT check for them?

If I click No, the cookie is unchecked. If I click yes, it is not clear whether all tracking cookies will not be searched for or just that one.

What has Spybot got against SuperAntiSpyware? It is a perfectly respectable software, albeit you might consider it to be a competitor, that is no reason to
disable access to its web pages with SDHelper enabled, nor to treat its autologin cookie as a tracking cookie. Version1.4 did not do this.

3. Most tracks not showing up in scan.
I have tracks.uti checked, nothing excluded. The only tracks that show up in the scan are Log and Common dialog. There were lots more with v 1.4.

--- Spybot - Search & Destroy version: 1.5 (build: 20070525) ---

2007-06-15 blindman.exe (1.0.0.6)
2007-06-15 SDMain.exe (1.0.0.4)
2007-06-15 SDUpdate.exe (1.0.6.3)
2007-06-15 SDWinSec.exe (1.0.0.8)
2007-06-15 SpybotSD.exe (1.5.1.10)
2007-06-15 TeaTimer.exe (1.5.0.9)
2007-06-17 unins000.exe (51.46.0.0)
2007-06-15 Update.exe (1.4.0.5)
2007-05-23 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-06-15 SDHelper.dll (1.5.0.6)
2007-01-02 Tools.dll (2.0.1.0)
2007-06-13 Includes\Beta.sbi (*)
2005-02-16 Includes\Beta.uti
2007-06-13 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-06-13 Includes\DialerC.sbi (*)
2007-06-13 Includes\Hijackers.sbi (*)
2007-06-13 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-06-13 Includes\KeyloggersC.sbi (*)
2007-05-30 Includes\Malware.sbi (*)
2007-06-13 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-06-13 Includes\PUPSC.sbi (*)
2007-06-13 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-06-13 Includes\SecurityC.sbi (*)
2007-06-06 Includes\Spybots.sbi (*)
2007-06-13 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti (*)
2007-05-16 Includes\Trojans.sbi (*)
2007-06-13 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll


I am reverting to 1.4 for now, as I definitely want to be able to use SDHelper and be able to delete some tracks.

Please let us know when the above are fixed.
Please let me know

PS Found the SDHelper log, that clearly shows it is blockin Superantispyware:

17/06/2007 04:37:49 Blocked HTTP://FORUMS.SUPERANTISPYWARE.COM/INDEX.PHP: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:44:00 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:44:33 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:44:39 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:45:56 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/?TAG=SUPERANTISPYWARE: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:47:57 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:48:02 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)
17/06/2007 04:48:41 Blocked HTTP://WWW.SUPERANTISPYWARE.COM/: /AntiSpyWare2007 (Blacklisted URL)

What is new in this version ?

You ask what's new:

I have not seen a change log, except it is now "Works with Vista" (not relevant for Windows XP users, of course).

http://www.safer-networking.org/en/index.html

But there have clearly been some changes, judging from the fact that individual components have different version numbers from their equivalents in 1.4. Changes appear to be mainly internal. From user's perspective there are no major changes in functionality; minor changes to the GUI and a few of the icons, and new pop up interface when checking for updates.

First, this is not really a public beta; it is a version that's not secret, but was intended for some pre-beta-release tests by a few people. I guess someone just tried a few likely filenames on the server when the beta was announced

1/2. Might be due to "antispyware.com" being added in an unsecure way to the block list (like the something...gator.com F/P we had a few years ago).

3. I'll look into that.

Regarding the changes, they are, as guessed, not to be found in the UI really
A real list will be available with the real public beta then...

Thanks for response. Sorry if I jumped the gun.

I did post separately in http://forums.spybot.info/showthread.php?t=13375

asking if it was the official 1.5 beta, but Tashi's reply was a little ambiguous, so I thought I'd try anyway.

At least you'll have the chance to fix the things I found before the official release

PepiMK said:

First, this is not really a public beta; it is a version that's not secret, but was intended for some pre-beta-release tests by a few people.

Click to expand...

Care for a few more volunteers?

Well, sinee someone (Neowin) already found out the link where the current version is, why not? :laugh:

spybotsd15.exe
(Newer than the one on Neowin Still called beta though)

[SIZE=+2]The changelog as well as currently known open and fixed bugs, and the download, can be found here.[/SIZE]

Ok, I gave the above 1.5 a try(the one PepiMK posted).

I think my host files weere damaged by some program(Comodo BOclean), since Spybot 1.4, when I try to use the "Add Spybot hosts lists". It'll give me this error message: .
Nothing more. Spybot 1.4 just stays as per normal.

But when try to "Add Spybot hosts lists" in 1.5, in addition to the same error message(above), more follows, and spybot 1.5 crashes. These are the error messages that displays when I click "Add Spybot hosts lists", in sequence:








Clicked Don't Send


Then spybot 1.5 just crashes. Note that nothing of this sort happens in Spybot 1.4 except for the first Error Msg. Also, in both 1.4 and 1.5, my Lock host files setting, is greyed out.

Running on Windows XP home. IE 7.

I would also appreciate a solution for what's possibly my damanged host files.

PepiMK said:

Well, sinee someone (Neowin) already found out the link where the current version is, why not? :laugh:

spybotsd15.exe
(Newer than the one on Neowin Still called beta though)

Click to expand...

Thanks I got it installed now and working with it seems nice. I did get Tea Timer to CRASH a few times. Also one time I had TWO TT's showing in my tray and also in my task manager too. So I rebooted. Then after I tell TT to allow a change (and remember it too), after the second one, it will crash. Icon is still in system tray, but a mouse over will make it go away. Task manager doesnt show TT anymore. Starting Spybot application will start TT again. Though ever time I tell it to allow something, the second one will CRASH TT again.

OK, one other thing, not really a problem, just seems weird.

When you "Search for Updates", alittle window pops up. Searches, then says "No newer updates available". Hit OK, then you got to hit exit on that popup window. Is there away to make it so that when you hit the OK, when there is no newer update, that it also EXITS the popup window too? No real big deal though.

Lastly, If you would offer an option to HIDE the TeaTimer icon, I would be happy. You did give me the edition needed to be added to registry, to hide it. This option still works, but requirs manual addition to reg. Would be a nice option to have with in the SETTINGS. But if you against this, then maybe just go ahead and have the installer ADD this key in registry anyway, but with a value of "0", which we can edit later, should be choose to.

So, would be cool to have this as an offcial option with in settings, but if not can you install this in registry so all we got to do is change value.

Thanks, I will keep working with this and look foward to the next beta version!

First, I assume you have Windows XP and that its main folder is C:\Windows.

I don't have those messages either with 1.4 or 1.5. Although I don't normally use the Spybot HOSTS file (I use the one from mvps.org), I just tried adding Spybot's and removing it, and that all worked smoothly.

The path in the first two error message is obviously wrong. As shown, it looks as if it was looking for the Windows folder (%systemroot%) and its subfolders as a subfolder of

C:\Program Files\Spybot - Search & Destroy

and obviously could not find it there.

I don't know why it is doing that on your system, but I don't think it means there is anything necessaily wrong with your HOSTS file per se (it is just a text file, any errors in it would just be ignored), rather that somewhere or other the path to it has got badly mangled. It should just be

C:\WINDOWS\system32\drivers\etc\HOSTS
or
%SystemRoot%\system32\drivers\etc\HOSTS

I don't know for sure, but possibly the other messages you are getting with version 1.5 are as a rseult of the initial error, and would not appear if that were corrected.

When in Spybot, advanced mode, Tools, Hosts file page, does it show the current contents of you HOSTS file (before you click on Add Spybot's hosts list)?

You could check with Windows Explorer, see if the HOSTS file is in the correct place, and only there (you may need to first go to control panel, folder options, view tab, check show hidden files and folders, uncheck hide extensions for known file types, uncheck hide protected operating system files (click yes to any warning message), click Apply OK).
If you want to search for it, click start, search, for files or folders. In the search window, left panel, click on mor advanced options, check the first three boxes. then search your hard drive for hosts. The hosts file has no extension. If you find it, it should open in Notepad. Apart from comment lines which start with a #, the first line should be

127.0.0.1 localhost

thereafter there may be a list of entries (with or without comment lines starting with #) of the form

127.0.0.1 ad.a8.net

the first part should always be 127.0.0.1, the second part is the domain name of the site that is to be redirected.

If you find more than one file called HOSTS without a file extension (the bit after the . in most file names), delete all that are not in

C:\WINDOWS\system32\drivers\etc\HOSTS

Another minor hiccup.

When fixing a flagged system internals, the browse button does not work.

Also I think the item is incorrectly flagged. The path string gives the correct file, but without its extension and with a switch. That is a permissible way for software to point to its file, but of course if one simply tries to match the string to file names it will appear to be wrong. See pic.

Incidentally, I uninstalled the original beta and installed the one fro PepiMek's link in this thread, but the build number is the same (--- Spybot - Search & Destroy version: 1.5 (build: 20070525) ---.

Rosenfeld said:

... but the build number is the same (--- Spybot - Search & Destroy version: 1.5 (build: 20070525) ---.

Click to expand...

How do you know the build number (or date) you have installed?

When I select Help -> About, I get

Spybot - Search & Destroy 1.5

Latest detection update: 06-13-2007

Click to expand...

No build number anywhere I can see...

May I make an enhancement request here? From above post

Spybot - Search & Destroy 1.5

Latest detection update: 06-13-2007

Click to expand...

I don't like this (American) date format; to me this is immensely confusing.

Could you change that to the specified system date format; e.g. mine is set to YYYY/MM/DD, so I normally see all dates in this format 2007/06/19.

@k357mag: the updater window is a separate updater application. That was done mostly for Vista, or better: to separate processes that need different rights (updating always needs admin rights). And updating is easier to schedule this way.

Close on OK: not a bad idea, I'll try how that "feels" when using it
TeaTimer icon thing: the registry value is no problem at all (added both in HKCU and HKLM). An "official" checkbox for it is something I just fear would cause a lot of reports "my icon has gone"

@Rosenfeld: the build date is usually related to the scan engine, which hasn't changed. Good point to increase this number though.
Since this is intended mostly for internal use (e.g. if specific detections needs some engine changes identified by build number), I've updated the version number on the info page to show completely (e.g. 1.5.1.12).

I've updated the file recognition algo to be the same as in RunAlyzer, which understands such situations. The browse button is a bug of the default file open dialog, which just doesn't open if it doesn't recognize a file (not sure if this is a Windows or Delphi problem). I'll change this to pass the file path detected through the method mentioned earlier.

@pwillener: the build number is on logs (Tools -> View Report). You can also hover the mouse over the version number where you found the detection update date as well.

The date thing is a good point of course, I immediately updated that.

----

Or to compile those changes into a list:

• Update date format on info page now localized
• Displayed app version is now four digits (e.g. 1.5.1.12)
• Improved Sys Internals file location algo
• Improved hosts file location algo
• Added TeaTimer hide icon (disabled) registry value in installer

I'm still looking for reports in other places before making the changes available though

PepiMK said:

@k357mag: the updater window is a separate updater application. That was done mostly for Vista, or better: to separate processes that need different rights (updating always needs admin rights). And updating is easier to schedule this way.

Close on OK: not a bad idea, I'll try how that "feels" when using it
TeaTimer icon thing: the registry value is no problem at all (added both in HKCU and HKLM). An "official" checkbox for it is something I just fear would cause a lot of reports "my icon has gone"

----

Or to compile those changes into a list:

• Update date format on info page now localized
• Displayed app version is now four digits (e.g. 1.5.1.12)
• Improved Sys Internals file location algo
• Improved hosts file location algo
• Added TeaTimer hide icon (disabled) registry value in installer

I'm still looking for reports in other places before making the changes available though

Click to expand...

Hey thanks Pepi! I understand the fears you have with that icon accidentally missing cause some may not know what the option is that they have choosen. But having the keys already there, would be great so advanced users could still select this as a option.

I am now getting the latest updates and will continue to work with it. Is there some other area you are looking for comments on, so I can focus on that?

pwillener said:

How do you know the build number (or date) you have installed?

When I select Help -> About, I get

No build number anywhere I can see...

Click to expand...

After a scan, advanced mode, Tools, view report. It's in there.

OK, I got the latest Beta release now, installed. Everything looking pretty good. I did notice that TRACKS wasnt being cleaned and thought this to be weird. I found the other post which pointed it out to be a file extension issue, but attempting to change it to SBI, mearly made it so the file was now called tracks.sbi.uti. This may be cause TT is enabled and its protecting it some how. So I will try again with TT off. Or is there another way to change this??

The TeaTimer crash has been fixxed and seems to be working smooth now!

The TT hide option has been added to the registry and works fine with a mere change of the value from "0" to "1". This is in another location that what I was using before (HKEY_LOCAL_MACHINE\SOFTWARE\PepiMK Software \SpybotSnD). Though this new location works fine!!!

Recommend that the "New Skin for color blind peeps" be added to the next beta test version, seeing that its got the old one installed already, might as well have the latest version there already.

I have wondered if also adding the newest HELP and Language files would be good too, but, if there not using the ENGLISH language, then they wouldnt need those updated files. Though, they are already present, just older forms of them.

Yes, registry settings are now in ...\Safer Networking\... instead of ...\PepiMK Software\..., but when you first start one of the old versions, it'll automatically move over the old settings, and even if it can't do that, it'll use them in the old place as well. This registry value is also both in HKLM and in HKCU, to allow a system-wide override through the HKLM setting (this is valid for nearly all of the registry settings; this way an admin can override certain user settings).

Regarding updates: yes, I need to go through the list and check which updates are already included in the installer, and make sure they're only shown to older versions. Already did so for languages (not uploaded yet though), help files etc. will follow (though since help files are not very small, they'll probably not all go into the installer).

The file extension thing sounds more like Windows "preserving" extensions during rename operations, e.g. if you've got Explorer set to not show file extensions.

in the latest beta 1.5.1.12 when i click search for updates button it starts searchin too fast. i mean you dont have time to click the search for betas button and the download languages button. i know i can do these in the setting section but if you have put those options there i think we should have time to click them . by the way why did you remove the secure shredder function. i was using it even if it is not a very great function it is a function :bigthumb: