Suggestions

PepiMK said:
You can specify /silent (or the "bigger" /taskbarhide) on the command line to skip this warning :)
Click to expand...

What command line?

Not that I don't know what a command line is, but if one is running automatically, there is no place to put this command line option in.

Please elaborate.

Same issue with the reference to the /silent documentation - the options are present, but no description of how to make use of them.
 
unsolicited:

You can add the command line parameters to the scheduled task. For example: by adding the following parameters, Spybot should start, update, immunize and close:
Code: 
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoupdate /autoimmunize /autoclose /taskbarhide
For additional information on command line parameters that can be used, see the following:
 
I'm not so familiar with the programming languages, but it would be fun to know how ClearType can be integrated into Spybot, like it uses CT by default if the user's machine has CT enabled.
 
Suggestion for Speed Improvement

Hi, thanks for this great software, it's good to see how the best stuff is still free (as so often) and that you're sticking to it for so long. I hope this is generating good business for you and that you managed to get in tune with that mystical Girl we've been praying for ;)

I just read on your frontpage people complain about speed, and even I am twiddling my thumbs for the hour it takes to scan. So here my suggestion as a software designer, programmer, and database person:

Your scanning algorithm seems to follow the following nested loop structure:

for(threat in ALL_THREATS) {
for(fingerprint in threat.fingerprint) {
for(fingerprintOnObject in fingerprint.affectedObjects) {
fingerprintOnObject.check();
}
}
}

problem with this is a lot of random access seeking 300000 times the same 100000 objects, hitting the registry 200000 times and >100000 times the same <10000 files. Instead, how about streaming the registry and files through a filter that looks for all fingerprints per file rather than files per fingerprint?

for(object in ALL_THREATENED_OBJECTS) {
for(objectThreatFingerprint in object.threatFingerprint) {
objectThreatFingerprint.check();
}
}

that way you check every object (file, registry key) only once and each time you check for all known threat fingerprints. I think you could get a 10x to 100x speed improvement out of that.

What do you think?
 
Usability Suggestion

I have one more suggestion about usability. The other day I had a very ugly virtumonde infestation. And eventually it killed my setup to the point where I rebuilt a Windows machine (after > 5 years and 1 hard drive crash). The problem was something was deleting WINDOWS/system32/drivers files (pci.sys was gone). But why did I even restart?

I restarted because I was trying to kill winlogon before killing that sdss (sp?) process. And I did that because I loaded up some new process killer which I had to do for the first time and hit the wrong button then the machine came down never to boot again.

This shows:

- you want to avoid rebooting during clean up as much as you can

- when something bad has happened, any user will be executing unfamiliar
stuff under a state of stress with possibly limited access to information (if the browser has a "helper" that spawn malicious processes, you don't want to run the browser to read the fine-print.)

So, therefore, the more that Spybot S&D is able to kill processes automatically so that it can stop the spawning of malicious processes and insertion of registry keys, the better it is for a successful recovery. That new (?) virtumonde thing can probably teach a lesson into how it could work. You need to

1. kill the system-process (winlogon?) that spawns processes and inserts keys

2. while keeping the machine from shutting down and rebooting

3. do a sanity check on system files required for the next reboot

4. restore those files from a backup previously stashed away (outside of the recovery checkpoint function, which is affected by the same malware.)

and finally

6. Protect Spybot S&D from becoming itself a target for malware (keeping in mind that with increased popularity comes increased exposure.)

Thanks for all you have already done!
 
6. one small attempt in the current version are the randomly named copies of main executables in the Spybot-S&D folder and that they're marked system & hidden. We have two much stronger concepts at hand for 2.0 though. Not sure if I should mention them here to allew malware creators to counteract before they're even available :D:

As for the other stuff, you're right there of course, but I wonder what you would think about the bootable CD thing (insert a CD, boot from it, clean stuff while your system is inactive and malware can not interact/conflict) compared to your suggestions?

edit: overlooked the post above. actually, there is quite of lot of optimization in avoiding multiple lookups. Most of the commands and parameters use pre-created and optimized caches. Whether your suggestion would be a speed improvement or slowdown depends a lot on comparing the number of files to the number of patterns, and modern Windows installations grow quite huge, and has other disadvantages. As for the direction of comparing things, did you see this blog post? I tried to explain a bit about the difference of the two possible approaches and why we feel a hybrid would work best.
 
Last edited:
PepiMK said:
As for the other stuff, you're right there of course, but I wonder what you would think about the bootable CD thing (insert a CD, boot from it, clean stuff while your system is inactive and malware can not interact/conflict) compared to your suggestions?
Click to expand...

The bootable CD would be a good thing, very certainly. That's something to want to have handy at all times. Sometimes I see some haphazardly thrown together Linux bootable CD with stuff that then doesn't do so much. But would be neat to have this for Spybot.

PepiMK said:
As for the direction of comparing things, did you see this blog post? I tried to explain a bit about the difference of the two possible approaches and why we feel a hybrid would work best.
Click to expand...

O.K. I'll read this. You probably already do the right thing then. Just wish there was some magic to make it all go faster.
 
do you think you could take a look at adding support for this to the app becouse this will not only make the program a whole better but more user friendly to. http://www.CompatDB.org http://compatdb.org/faq-96.html. and could you possable add support for http://www.ntcompatible.com witch is ran by same people as CompatDB.org

The CompatDB.org project is an attempt to create a free (as in the freedom) standard for user submitted compatibility lists as well free compatibility lists for Windows, Linux, and Mac OS. The provided compatibility lists as well the XML-based CompatDB.org document format are licensed under the terms of the GNU Lesser General Public License (LGPL) and can be used in both open source and commercial projects for free.
 
I didn't find a single product with the newest version or even a next-to-newest one listed, but more important: how would you thing it should be integrated? Just by itself, it would be far from anything else by topic (and in this case, looking p things online would always be more up-to-date). In the tools section, System Startup and Uninstall list installed software in a way, but do these entries use the exactly same names as Uninstall entries for example? I does not seem so, and associating thousands ore more of entries with additional data so that it could be used does look a bit time consuming.
 
I have some suggestion for the Spybot team.

Resident available for Firefox.
Better detection for ad-ware, malwares, dialers, keyloggers, trojans and worms.
Reduce memory usage during scan.
Increase the amount of updated threats.
More updates(not weekly).
 
An idea (I'm not sure if it's already getting implemented.).
Integrating SDDT in Spybot 2.0 or later.
Adding more testing features to SDDT.
Uploading malware samples for instance muha:
(or at least the information that is needed for more research, hahses, location file(s), and such.)
 
Last edited:
Suggestion for Spybot 2.0

It's probably too late to post this suggestion for Spybot 2.0 but I wanted to suggest providing a separate icon for accessing the Spybot logs. I tend to configure Spybot to run as automated as possible to make it as easy as possible for people to run it. This way, I can "train" them to simply click the Spybot icon on a weekly basis and it will automatically update and immunize the system.

Accessing logs with Spybot 1.6.2 is a pain since I have to wait for the automated functions to complete before I can access the Spybot console window.

I do realize I can access the logs from Windows Explorer but that requires changing folder options to reveal otherwise hidden folders.

Spybot 1.6.2 has a separate update icon in the Spybot folder in the start menu and I think adding a separate "view logs" icon would provide quick access to the Spybot logs, for those who configure Spybot as I do.

Peace...
 
Spybot- FileShreader

Spybot- FileShreader

this already has 'templates' to shread specific directories, im more than curious why the recycle bin directory wasnt included in it, as it would logically be one of the more pertinant places to use it?
 
My suggestion is to get this new version out before Spybot becomes totally irrelevant. It's amazing how many users have dropped the product lately. The current version is outdated and it makes the situation even worse when it takes so long to catch up. I really mean well but this 2.0 development has taken waaaay too long guys, MBAM & SAS (among others) have taken the ball and ran away with it. I would like to use S&D but there's no point anymore, it's just not as good as the alternatives. What's more, the alternatives continue to pull further away while development drags along for V 2.0. These days you can't take this long between development cycles, whether that's good or bad it's simply the way things are.
 
Watasha said:
My suggestion is to get this new version out before Spybot becomes totally irrelevant. It's amazing how many users have dropped the product lately.
Click to expand...
I'll admit, if it weren't for the immunization there would be no case for keeping Spybot on my system; I've even disabled TeaTimer because it bogged down my system with no real benefit. Now I just navigate to my Spybot folder, run the updater, then open Spybot and go straight to Immunize and that's it.
 
You must log in or register to reply here.
Back
Top