PDA

View Full Version : Spybot Christmas Presents, Part 3: Distributed Testing



PepiMK
2007-12-18, 09:35
Our second present is one to us as well as to our users. One of the downsides of our tripple-layered testing of updates is that it takes 8 to 14 days for a newly written detection to get to you. Participating in beta reduces that to 1 to 7 days, but of course we want to deliver well-tested updates to everyone as fast as possible.

Just increasing the number of local machines to test is not really improving things too much, as all those software installation combination in the wild are a very dynamic thing. So we thought about a different, more community-like, approach: we've decided to implement a distributed computing concept.

You may know existing distributed computing projects: Seti@home (http://setiathome.berkeley.edu/) for example uses the power of a huge community to look for extra-terrestrial live, Folding@home (http://folding.stanford.edu/) uses a huge community as well to possibly find more understanding about dieseases like cancer. Spybot-S&D Distributed Testing (SDDT) isn't helping you to make phone calls to Alpha Centauri, nor does it cure diseases, but then, it's also not really taking that much processing time away from those if you would use them. It uses the same community power though: the results of the scans of many real live machines, maybe including yours, will help us make safer and even faster updates available!

Download: http://forums.spybot.info/downloads.php?id=19

Once installed, this'll run as a system service (thus only on NT/2000/XP/Vista, though a stand-alone version for 9x/ME is included); you'll probably never notice it since it scans with the lowest available process priority, and it doesn't fix anything. But if you want to take a look at what it does in the background, you can always open the console window:

http://www.safer-networking.org/images/spybotsd/sdistest1.png

PepiMK
2007-12-18, 09:37
Ok, didn't want to annoy you with too much text, so I split the technical details into a second post that you don't need to read if you're just interested in helping and not in exactly how it works ;)

Still reading? Ok, so here we go: whenever our detectives have finished some parts of work on new detections, this gets immediately uploaded into SDDT (Spybot-S&D Distributed Testing), where the SDDT client installed on your machine downloads any new test sets from. This client uses a special, read-only (to prevent F/Ps causing any problems) version of the command line scanner to do these scans - much like you know from Spybot-S&D itself, only that it happens with a very small detections file only (much faster obviously, only a few seconds per file), totally invisible to you, and with idle priority, meaning it won't reduce computing power for any other running application. The results of the scan are then sent back, and usually our detectives can see within an hour or two that their work doesn't cause any false positives.

In the long run, this should allow us to spend more time on writing new detections, while at the same time allowing us to make updates available faster, since your help offers a much broader range of system configurations to test on. And since the client is read-only, don't be afraid of F/Ps in the background - they're the whole purpose - doing no harm to your system and informing us to get them fixed before the official update is out!

sims39
2007-12-18, 13:55
oi PepiMK you are a genius, seriously turn gay and marry me. But honestly i like this idea, i wonder if you can manage all the reports/logs that get sent to you though, nice though, i suppose you make the logs highlight problems/false positives and compare them with other logs.

anyway with distributing this, maybe put it in the spybot category but include it in the spybot installation but as a tick box option.

chewdz
2007-12-18, 13:58
it would be good if this feature could be added into future versions of spybot:santa:

PepiMK
2007-12-18, 23:09
No need to be afraid of problems with handling all those reports; this has a nice backend for our detectives that has a mode to only list relevant entries, on multiple levels... first just files that have scan results at all (zero results mean no F/P usually... unless th first really infected machines start to participate I guess ;) ), then all revisions of that file (where only the most current one is of interest usually), and only then a list of all logs.
We used it at the office and at private machines of team members for about two months I think before making it public, so we had a few chances to make improvements in handling of the data already :)

Adding it into Spybot-&D sounds like a huge step... that would possibly mean millions of scan logs! Let's scale this slowly, see how it behaves with a growing number of testers (that's why you can't set up a smaller interval than 60 minutes :D ).

Would even be kind of a remote scanning service if it would be part of the main package, because if you specify your email address and a possible false positive would be a real infection, you would get notified immediately probably. Hmmm... I need to keep this in some distant corner of my mind for the future (a bit too much to advertise it thus in a 1.0 version, would need some more features anyway, like automated submission of detected files for further analysis etc. :D ).

Update: added a project tools category (http://forums.spybot.info/project.php?projectid=9) for it, to write down the first few feature requests :)

Rosenfeld
2007-12-19, 02:35
If you do add it to Spybot, please make it an opt in option. Some might not want to participate.

PepiMK
2007-12-19, 13:19
As I said, having to participate every Spybot-S&D user would mean millions of logs; we wouldn't them rushing all at us, so it probably would even be a well-hidden opt-in option ;)

129260
2007-12-19, 19:30
but i have dial up, do you need to have broadband or will dial up work fine for sending the reports back?

chewdz
2007-12-20, 13:32
If you do add it to Spybot, please make it an opt in option. Some might not want to participate.

i agree with Rosenfeld to put an option but would it be a opt-out or a opt-in thing?

PepiMK
2007-12-20, 13:36
@129260: sure, the files in itself are quite small, the reason I mentioned broadband is that broadband access usually is permanently connected. This client just assumes an existing Internet connection, so if your dialup means you're not permanently connected, I would suggest to not use the system service (you can disable it during installation), but use the "stand-alone" version when you're online :)

@chewdz: as you can see two posts above yours, purely opt-in :)

129260
2007-12-20, 19:16
will do! :) Anything i can do to help spybot get even more better!

hpwamr
2007-12-21, 22:41
Formidable idea , I have installed it on 3 PC's. :2thumb:

beltman713
2007-12-22, 05:00
This program is constantly accessing my floppy drive. About every 5 seconds.

PepiMK
2007-12-26, 13:31
"Constantly", or only while the console shows you it is scanning (every 5 seconds = for each file it tests)? That's probably the same "floppy access" thing also found in 1.5.1.15, see bugtracker ;)

beltman713
2007-12-27, 00:17
Yes, while it is scanning.

wk357mag
2008-01-02, 17:40
All my rigs run FAH 24/7, but I think I can give one up for this cause! So Im on board!!

Good Job Pepi

wk357mag
2008-01-05, 09:18
There is actually no problem with running this AND folding at home, or other distro project at the same time. When Spybot Distro actually gets work, it takes no time at all for it to run its checks. So you can leave them both running same time. Works good and I can see how this will actually help you out alot.

How many rigs are there running your distro at this time? Is it enough to make a differance
?

PepiMK
2008-01-07, 17:17
Todays test sets may have showed a possible problem: we did add a standard service to test services detection through SDDT, and found that it might hang the testing system.

Therefore, the link in the first post has been updated to link to version 1.0.2, which does not hang there, and has the additional advantage of offering a button to look for an updated version from within the software, and more important storing the duration of a scan inside the log, so that we can do speed tests as well.

Links to changes in project tracker:

Bug: Scan hangs when services identified (http://forums.spybot.info/project.php?issueid=170)
Feature: Include duration in log (http://forums.spybot.info/project.php?issueid=169)
Feature: Integrated look-up for updates (http://forums.spybot.info/project.php?issueid=171)

wk357mag
2008-01-07, 20:06
LOL, I love that little pop up, I guess you didnt want me checking every 10 minutes for new stuff! lol

Future request, can you make it remember the window position?

BetaTester155
2008-01-08, 04:41
1.0.2.0 seems to be running quite smoothly now. Before i had to open the stand-alone client for the darn thing even to start and it still hung, but now that bug is gone! I really appreciate the time that you guys put into spybot and all the other little tools that you make. I'm just glad i can help you guys out in some way in your fight against malware!!!! :yahoo:

sims39
2008-01-13, 02:28
hey pepimk, i was wondering when are you going to put this program int he list of programs on this site

PepiMK
2008-01-13, 21:24
Good question. I think it was good to test here first, see the bug we found.
Also, take a look at Distributed Testing (http://forums.spybot.info/project.php?projectid=9) (the project tracker page about it): issue 174 (Test only last N days test sets (http://forums.spybot.info/project.php?issueid=174)) needs to be addressed I think. And issue 169 (Include duration in log (http://forums.spybot.info/project.php?issueid=169)) is implemented on the client side, but not fully used on the server side yet.

wk357mag
2008-01-31, 20:01
1/31/2008 12:31 PM Damn, could not upload results, will try again later!

To funny! Glad Pepi isnt a gAnStARaPp3R! or it would be "Shiat mofo, dat beotch aint be uploadin

:D"

PepiMK
2008-02-01, 11:14
Oh, did I add such an error message? :lip:
Guess I hoped it would never appear :D:
Might be the server was a bit too buzy thanks to all the 1.5.2 visitors ;)

wk357mag
2008-02-01, 11:21
Damn! Keep it, I like it!

neilpenny
2008-02-05, 14:49
I'm getting a error when starting up xp sp3 beta, I've tried sening a error report through SdistTestConsole.exe but I'm just getting a error box with 'Sorry, sending the bug report didn't work.

I've taken screen shots of the error report instead.

Neil.

neilpenny
2008-02-05, 16:09
http://img215.imageshack.us/img215/6595/error1uw7.th.png (http://img215.imageshack.us/my.php?image=error1uw7.png)

http://img98.imageshack.us/img98/2999/error2fh2.th.png (http://img98.imageshack.us/my.php?image=error2fh2.png)

PepiMK
2008-02-05, 20:56
Out of resources while using only 7 MB... interesting :D
Thanks, will take a look at where exactly this is happening (from the message, it seems the errors comes when creating the tray icon shown when the console gets minimized)

Becky
2008-04-20, 04:12
"Download: sddt-1.0.2.exe
(attention: version updated to 1.0.2 on January 7th)

Once installed, this'll run as a system service (thus only on NT/2000/XP/Vista, though a stand-alone version for 9x/ME is included)"

OK, I have an old W98 and I wanted to test the sddt (V1.0.2) on it.
I found 1 problem and 1 sugestion

Problem: When installing it goes well until "Extracting files...". There it stays for more than an hour, doing nothing, I can work but it never finished. I attached a zip file with the list of files saved under Program Files and a gif of the Setup program, so you can see where it stops

Sugestion: There is a file (bugreport.txt) that I think has too much info of your machine, there are a lot of hackers trying to find out how to :spider: So if it really does not need to be there, take it out!

Thanks

PepiMK
2008-06-13, 12:17
Current version outdated, replaced with 1.6 version

(sorry that I have overlooked your problem, Becky :red: Suggestion appreciated, the other part is an installer problem, not sure what I could do there, need to think a bit about it)

ChrisWarFi
2008-06-19, 01:31
Hi! I'm not sure if this is a bug or an intended change:
Running the Stand-Alone client, with interval of 3600 seconds (1 hour), but I downloaded and tested 4 tests in the space of 2 minutes... is that right? last time i downloaded and tested about.... 15/20.. :sad: me confused! - Chris

PepiMK
2008-06-19, 04:16
Tests are split into single malware product tests.
So even if it checks only once an hour, it may find N different tests when checking, and processes all N tests at once of course.

ChrisWarFi
2008-06-19, 18:20
Ah right, so it'll look for -new- tests every hour, nothing to do with heavier traffic from tests. Misunderstood :oops:

Also, can't seem to get the service to run, using vista. The console's fine, but get (Could not start service!) :( - Chris

129260
2008-06-21, 06:45
Ah right, so it'll look for -new- tests every hour, nothing to do with heavier traffic from tests. Misunderstood :oops:

Also, can't seem to get the service to run, using vista. The console's fine, but get (Could not start service!) :( - Chris

clicking stop service. then start service. That worked for me. :) if it says started succesfully in the text, its fine and running.

ChrisWar666
2008-06-23, 22:31
clicking stop service. then start service. That worked for me. :) if it says started successfully in the text, its fine and running.
:( Nope.
"(Could not stop service!)
(Could not start service!)"

Also got an error when I tried to apply settings (even though I didn't change anything!), seems to be that Testing Console needs elevated privileges (as I installed in Prog Files)
Getting above service error even with Admin mode. - Chris

Edit: Mmmm, a scan with a result! Just a registry entry ending "WmiApSrv\ImagePath" :|

129260
2008-06-23, 22:50
:( Nope.
"(Could not stop service!)
(Could not start service!)"

Also got an error when I tried to apply settings (even though I didn't change anything!), seems to be that Testing Console needs elevated privileges (as I installed in Prog Files)
Getting above service error even with Admin mode. - Chris

Edit: Mmmm, a scan with a result! Just a registry entry ending "WmiApSrv\ImagePath" :|

deleting the program and try reinstalling it. clear out all folders and registry entries. Also, make sure your firewall will allow the program to access the Internet.

ChrisWar666
2008-06-23, 23:01
OK 129260, doing so now. Strangely enough there wasn't an uninstall option from the start menu, had to go to the dir and select.. it may have got confused with the SB uninstall, but that still directs to SB..

During uninstall: System Error Code 1060. The specified service doesn't exist as an installed service :(
*waves bye bye to logs*. - Chris

Edit: any idea where the reg entries are: Searched SDDT but didn't find anything.
Pepi: Put the link on the front page? Or not? :(

129260
2008-06-23, 23:30
try downloading and then installing it again even though there are traces of the program there........the registry entires i found were right next to spybot. They were called distributed testing. The service has the same name. Right click my computer-manage-go to services. see if its in the list. if it is, click restart and see what happens.

ChrisWar666
2008-06-24, 00:01
Pepi: made two suggestions (see posts titles), in case you missed them.

129260: No service, the only one i have the is security centre integration.
Have got the files to do a reinstall now, will do so tonight and post back :) - Chris

129260
2008-06-27, 01:15
Pepi: made two suggestions (see posts titles), in case you missed them.

129260: No service, the only one i have the is security centre integration.
Have got the files to do a reinstall now, will do so tonight and post back :) - Chris

keep me posted!!

ChrisWar666
2008-06-27, 23:15
Seems to have done the trick, have the service up and running now. It could have been a Windows Vista problem, this time i ran it with admin privileges. but if it was, then how did it install in the program files? :| - Chris

129260
2008-06-28, 02:30
Seems to have done the trick, have the service up and running now. It could have been a Windows Vista problem, this time i ran it with admin privileges. but if it was, then how did it install in the program files? :| - Chris

glad to hear everything is fixed, and honestly i have no idea. the point is its fixed haha.