Updates of SpybotSD ("Inkrementelles Verfahren") ?



wolfgang
2006-02-03, 22:50
Is it possible to change the updates of Spybot SD into a, as we call it in German, "Inkrementelles Verfahren"?

Wolfgang

md usa spybot fan
2006-02-03, 23:09
wolfgang:

For those of us who don't speak German, does "Inkrementelles Verfahren" mean "incremental procedure"?

wolfgang
2006-02-04, 07:09
I think that is OK!

Wolf :)

MartianBuddy
2006-02-06, 10:05
Wolfgang's posting actually refers to "incremental updates".

- Instead of downloading a full 'payload' of the detection rules every time, just download only what has changed since the last update.

bitman
2006-02-06, 16:25
It's possible, Wolfgang; the real question is how difficult would it be and how much of a priority is it?

The issues with the exploding size of the Detections Updates have been discussed both here on the forums and by the Spybot Team for months. Since something like an incremental update capability would require a major re-write of the Integrated Update system within Spybot S&D, it's not likely we'll see such a change in other than a major release of the program. Since the main issue seen by most users has been 'Bad Checksum' errors due to overloaded update servers, that's where most of the effort has been placed recently.

That's not to say it isn't important, since reducing the size of the required update would help not only those with a low bandwidth Internet connection, but also would reduce the overall load on the servers, which potentially helps everyone.

However, there is a basic problem with incremental updates and the current Integrated Update system design. In an effort to protect the detections database the Spybot Team has created, the Includes files containing the detections are encrypted. This means that simple systems that append to the existing detections aren't possible currently.

Since the detections themselves aren't simply static 'signatures' like with antivirus, rather multiple combinations of registry and file descriptors, any change in these would require the re-release of that detection and thus at least that entire file. Even using an 'overlay' approach that could identify and delete out of date detections and replace them with newer updates would require the original file sizes to increase to include index identities and also increase overhead/delay during the database load at program startup.

With the existing design, the best that could be done is to update only those includes files (.SBI) that have changed. However, a quick glance shows that most or all of these currently change every week. So only a massive re-design of the entire database system might make it possible to create an effective incremental update system. Though I might be missing a simpler solution, I don't see a short-term solution using incremental updates.
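
An added sketch of the per-file approach described in the last post (not part of the original thread and not Spybot S&D's own updater): the client compares its installed include files against a published manifest of hashes and sizes, fetches only the files that differ, and rejects any download that fails its checksum. The manifest format, function names and `.sbi` file names are assumptions made for illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_manifest(files: dict) -> dict:
    """Server side: describe each published file by hash and size (hypothetical format)."""
    return {n: {"sha256": sha256_hex(d), "size": len(d)} for n, d in files.items()}

def plan_update(local_files: dict, manifest: dict):
    """Compare installed files (name -> bytes) with the manifest.

    Returns (to_download, to_delete, bytes_needed, bytes_full), where
    bytes_full is what a full re-download of every file would cost.
    """
    to_download = sorted(
        name for name, meta in manifest.items()
        if name not in local_files
        or sha256_hex(local_files[name]) != meta["sha256"]
    )
    to_delete = sorted(n for n in local_files if n not in manifest)
    bytes_needed = sum(manifest[n]["size"] for n in to_download)
    bytes_full = sum(m["size"] for m in manifest.values())
    return to_download, to_delete, bytes_needed, bytes_full

def apply_file(local_files: dict, manifest: dict, name: str, payload: bytes) -> None:
    """Install one downloaded file only if it matches its manifest entry."""
    meta = manifest[name]
    if len(payload) != meta["size"] or sha256_hex(payload) != meta["sha256"]:
        # A truncated or corrupted transfer is refused, never installed.
        raise ValueError(f"bad checksum for {name}")
    local_files[name] = payload

# Constructed sample data: file names and contents are placeholders.
INSTALLED = {"example_a.sbi": b"rules A v1",
             "example_b.sbi": b"rules B v1",
             "example_c.sbi": b"rules C v1"}
PUBLISHED = {"example_a.sbi": b"rules A v2",   # changed
             "example_b.sbi": b"rules B v1",   # unchanged
             "example_d.sbi": b"rules D v1"}   # new
MANIFEST = make_manifest(PUBLISHED)

if __name__ == "__main__":
    download, delete, needed, full = plan_update(INSTALLED, MANIFEST)
    print("download:", download, "delete:", delete)
    print(f"transfer {needed} of {full} bytes")
```

The hashes here only detect corruption in transit; the manifest itself would need to be signed for the check to resist tampering. When most files change in every release, `bytes_needed` approaches `bytes_full`, which is the limitation the post points out.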