SpyBot S&D

[westin]

Anyone still using SpyBot S&D? I downloaded it from download.com to run on an infected machine... but when I started to update the definitions, I noticed that the def update was dated 2009. I am not sure if it really hasn't been updated since then... but that would make it painfully out of date. The immunization defs were pretty recent [at least 2011]... Anyone have any information on this? Should I consider it EOL?

[nihil]

Hi there westin, good to hear from you again, I hope all is well with you and yours.

SpyBot S&D is very much alive and kicking.............please go to the official site (there are other freebies to be had there ) :

http://www.safer-networking.org/en/download/

I just looked, and you can download definitions for 9th November............2011 of course. They update at least once daily, although there might be more frequent "beta" updates?

I can't remember if you need to with Windows 7, but with Vista you certainly need to right click and run it as administrator if you want to update the immunization, otherwise it won't be authorised to do some bits of it.

Cheers

EDIT:

I have just downloaded and installed it on this Windows 8 Developers' Preview test box. I see what you mean, but I think that those are the base definitions that you get with your first update after installation. I ran the update routine again and it said that there were no newer updates. It looks like you get the original files with the cumulative updates included.

I have since updated it on an XP pro box that has been running it for some time with regular uppdates. I got:

Base Malware detections 2 November, Most Updated Definitions 9 November and Base Adware and Spyware Detections 19 0ctober....all 2011 of course

These would be the latest cumulative update installments.

[westin]

Always helpful, nihil - Many thanks!

[HYBR|D]

I still use it.

As already mentioned yes they are still releasing regular updated definition files.

on win7 you need to right click the spybot icon and select "Run as Administrator" otherwise it runs the app with restrictions.

also run it in safe mode with networking. I have found in the past i was able to always get better "cleaning" results when i run these sorts of applications via safemode, then once finished reboot into a normal user session.

[nihil]

Same thing with Windows 8, you must start it "As Administrator" even though you have logged in with an "administrator" account.

[foxyloxley]

I generally use filehippo.com as my preferred D/L site
and SpyBot S+D is still a goodie
but some of the bad guys are aware of it
and can hide from it, even disable it
I found the malwarebytes antimalware is a goodie
http://www.filehippo.com/download_ma..._anti_malware/
doesn't seem to have too much overhead, and as a new toy on the block, not all of the bad guys are aware of it, and therefore cannot hide from it

and if you are using SpyBot, don't forget to use the immunize option too

[westin]

I have been using MBAM for a while. I love it. That is usually my first attack on an infected machine [after running ccleaner, of course]. I have also been using some of the bootable rescue CDs. I hadn't used spybot in a year or more, and the definitions date confused me. Nihil cleared that up though. On occasion I will also pull out Combofix if it is a particularly nasty infection. If that combination doesn't remove all of the junk, time for an OS reinstall.

[Cider]

I have been using MBAM for a while. I love it. That is usually my first attack on an infected machine [after running ccleaner, of course]. I have also been using some of the bootable rescue CDs. I hadn't used spybot in a year or more, and the definitions date confused me. Nihil cleared that up though. On occasion I will also pull out Combofix if it is a particularly nasty infection. If that combination doesn't remove all of the junk, time for an OS reinstall.

I somehow disagree with you ... any infection can be cleaned unless data is stolen (in that case I would format). MBAM is decent but imo does give alot of FP's from what I have seen.

Everyday working in the antomalware space I am seeing that its not about what AV you are running on your machine / cor network, its how the network is structured , policies , etc etc. Spybot is also not bad.

Sorry - tangent /over

[westin]

I am not saying that the infection cannot be cleaned. I am saying that at that point, it is less time consuming [generally speaking] to reload the OS than it is to be sure that the infection is gone.

I definitely agree with your second statement. I have some very strict policies in place on my network which prevent executable files from running out of temp folders, application whitelisting, no users run as admin, etc. I have not had one infection since I started implementing these [the machine that I mentioned in my original post belonged to a friend of a co-worker's]. This setup is a bit of a pain to get set up at first, but well worth it.

[Cider]

I am not saying that the infection cannot be cleaned. I am saying that at that point, it is less time consuming [generally speaking] to reload the OS than it is to be sure that the infection is gone.

I definitely agree with your second statement. I have some very strict policies in place on my network which prevent executable files from running out of temp folders, application whitelisting, no users run as admin, etc. I have not had one infection since I started implementing these [the machine that I mentioned in my original post belonged to a friend of a co-worker's]. This setup is a bit of a pain to get set up at first, but well worth it.

I am liking your policies (I have seen you mention them in a previouos post). Care to share your implementation or should I just google it?