Suggestion for Speed Improvement
Hi, thanks for this great software, it's good to see how the best stuff is still free (as so often) and that you're sticking to it for so long. I hope this is generating good business for you and that you managed to get in tune with that mystical Girl we've been praying for ;)
I just read on your frontpage people complain about speed, and even I am twiddling my thumbs for the hour it takes to scan. So here my suggestion as a software designer, programmer, and database person:
Your scanning algorithm seems to follow the following nested loop structure:
for(threat in ALL_THREATS) {
for(fingerprint in threat.fingerprint) {
for(fingerprintOnObject in fingerprint.affectedObjects) {
fingerprintOnObject.check();
}
}
}
problem with this is a lot of random access seeking 300000 times the same 100000 objects, hitting the registry 200000 times and >100000 times the same <10000 files. Instead, how about streaming the registry and files through a filter that looks for all fingerprints per file rather than files per fingerprint?
for(object in ALL_THREATENED_OBJECTS) {
for(objectThreatFingerprint in object.threatFingerprint) {
objectThreatFingerprint.check();
}
}
that way you check every object (file, registry key) only once and each time you check for all known threat fingerprints. I think you could get a 10x to 100x speed improvement out of that.
What do you think?
Suggestion for Spybot 2.0
It's probably too late to post this suggestion for Spybot 2.0 but I wanted to suggest providing a separate icon for accessing the Spybot logs. I tend to configure Spybot to run as automated as possible to make it as easy as possible for people to run it. This way, I can "train" them to simply click the Spybot icon on a weekly basis and it will automatically update and immunize the system.
Accessing logs with Spybot 1.6.2 is a pain since I have to wait for the automated functions to complete before I can access the Spybot console window.
I do realize I can access the logs from Windows Explorer but that requires changing folder options to reveal otherwise hidden folders.
Spybot 1.6.2 has a separate update icon in the Spybot folder in the start menu and I think adding a separate "view logs" icon would provide quick access to the Spybot logs, for those who configure Spybot as I do.
Peace...
add 127.0.0.1 localhost to blocklist in hosts
Hello,
I would have a suggestion for the immunize function. In particular for the modification of the hosts file.
I don't know if it is the immunize function that sometimes messes up or if the user have messed up their hosts before, but about once every two month I treat a case on the forums where the user is terribly scared cause his PC is connecting to 007guard.com all over the place.
The reason usually is that 127.0.0.1 localhost is missing and the first line has become 127.0.0.1 007guard.com, so that all connections connectiong to localhost are then showing as connecting to 007guard.com.
I thought it might be worth a shot to add "127.0.0.1 localhost" as a first line of the list for immunizing hosts, to prevent this kind of scare. I imagine this would be easy to implement and would prevent the FP.
regards myrti
Beta 2 working well ... Windows 7 Premium X64
Day 2 of operation and all is well...
I went through it and set it up the way I always have. Pretty much manual Except for update.
Not sure if I'll be able to spend the time to go through all the possible scenarios, but doing file scan, system scan, updating ... they all worked well. I have on-access turned off because of the 2 other software doing that function here.
Sophos 9 enterprise type anti-virus with on-access scanning plus Malwarebytes real time enabled also. (Sophos seems very sensitive to many things but at least I get a warning and can research further. I have it set to heuristic ultra paranoid mode and it lives up to it, it seems) quite a few false positives but I'm sure the University network that supplies it likes it that way :-)
just an FYI
Floyd
Vancouver
Canada
:band:
spybot search and destroy should have clean on reboot option
hi spybot search and destroy should have clean at reboot it ensures effective malware cleanup it has been already implemented in lavasoft spyware doctor
Some thoughts for PE users of version 2
Perhaps these have been discussed already, but I don't see them...
- It would be nice to be able to exclude entire drives from scanning. Maybe there is one already, but I don't see it. When running under Windows PE, I think it's safe to assume no need to scan drive X and (sometimes) drive Y. Not a big deal.
- It sure would be nice to be able to update from the command line (e.g. when building a PE) and have all windows close automatically when done. The old "SDUpdate.exe /autoupdate /autoclose" doesn't close the main update window when finished.