OK, I think it's time to announce the second big feature in Spybot-S&D 1.6.

Next to the time a scan takes, what is the second biggest complaint? Probably missing detections for various threats. What can be done about that? We decided on the approach that has the most advantages in our opinion: opening up our database to anyone willing to help.

The OpenSBI Wiki

The OpenSBI format is an additional database format understood by Spybot-S&D that is intended to offer detection options in a user-friendly way, through a text syntax with a simplified structure. While it does not offer everything we can do in official SBI databases, it should be much easier to learn.

The aforementioned wiki is a new place filled with exact documentation on how to create custom detection databases, helpful tools, and more.

The wiki is currently available to registered users only. If you are registered here at the forum, you can use the same login information for the wiki. Write access is currently also disabled for non-expert groups (no offense meant, just trying to avoid yet another place that constantly needs to be checked for spambots).

FileAlyzer OpenSBI Edition

The OpenSBI Edition of FileAlyzer, linked above in new beta version 1.6.0.3, offers various options to refine file detection parameters by letting you convert many of the file properties you see into advanced file parameters.

RegAlyzer OpenSBI Edition (link updated to 1.6.0.12)

The OpenSBI Edition of RegAlyzer lets you convert registry values and keys into various OpenSBI registry commands.

RunAlyzer OpenSBI Edition

RunAlyzer lets you create OpenSBI commands for various types of entries from their context menus. Just right-click them and look for "Copy SBI rule to clipboard".

OpenSBI Edit Lite

Using a text editor to create detection databases would be error-prone and complicated, so we've decided on a code editor for just this special purpose. This editor supports syntax highlighting, code completion and context-sensitive help.

Still, writing everything by hand is a lot of trouble, so we went ahead and created some import filters. With just a click, you can take the output logs of, for example, InCtrl5, HijackThis, or SysInternals' FileMon or RegMon (with a public importer plugin interface that allows every developer to easily add more), select those entries on the list that belong to the malware you've monitored, and it will convert them to ready-to-use OpenSBI code.

The editor will be available for download soon as well. Until then, the link above will just lead to the wiki page describing it.

More to come...

There are more features for OpenSBI in the works (one important missing part you might already guess), so stay tuned.