Page 2 of 2 FirstFirst 12
Results 11 to 13 of 13

Thread: SpyBot S&D

  1. #11
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    They aren't too hard to implement. I use software restrictions policies on the computer part of the GPO to block exes from %temp% %tmp% etc. This can cause some problems with installations, but you can always remove the restriction, run the install, and then add the restriction back.

    The exe whitelisting is a bit more tedious. It is easy for a user to bypass, but it seems to prevent several malware infections. I haven't seen any users bypassing it, but that obviously doesn't mean that they aren't. I use the 'Run only allowed Windows executables' on the user side of the GPO. You basically just build a list of allowed exe names.

    Having users run without admin privs seems to be a key element in our stability. Sure, it means a bit more work for me, but it pays off in the long run.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  2. #12
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    I have found Spybot to be lacking in the past couple years. My preferred spyware program is MBAM and secondly SuperAntiSpyware. However, Spybot is good at finding PUPs and modified Windows security settings in the registry so I usually finish up with that.
    sandwich.

  3. #13
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well I use MBAM and Spybot as they do tend to find different things. One additional comment is that MBAM is updated very, very frequently, whereas SpyBot isn't quite so often.

    Another one I use is A-Squared, as once again it will find different things.

    Mainly I am dictated to by customer requirements, which are usually "quick and cheap", so a reinstall is frequently the obvious answer.

    I would agree that most things can be cleaned unless it is one that replaces executables with its own code. You would have to do a repair install anyway so no advantage in letting an AV delete the files for you.

    If I find a rootkit or suspect that a trojan has actually run on the machine I would also reinstall as a matter of course.

    I think that you need to look at how your anti-malware works as well?

    I get calls from people that their AV has reported a virus (usually a trojan as it goes). What has actually happened is that the AV has detected something possibly nasty and has blocked access to it and issued an alert.

    Sure, it's still there waiting to happen, but the AV won't let it run, unless you turn the AV off............. now if they have done that I ALLWAYS reinstall .............." haven't backed up your personal data? oh dear!"

    Other AVs will quarantine suspicious stuff, but I never let an AV go ahead and delete without human intervention.

    I take the view that once you have let it out of the bag then you don't know where it has gone, so a repair install is inadequate.

    I believe that the most important feature of security software isn't the speed of scan or whatever they actually detect, it's what they detect at the perimeter and prevent from happening unless you OK it. At that stage in the game I really don't mind false positives.

Similar Threads

  1. Norton incompatible with AVG and Spybot S&D... Your Recommendations?
    By Goitz in forum Newbie Security Questions
    Replies: 10
    Last Post: April 19th, 2006, 11:02 PM
  2. Having Trouble with Spybot S&D
    By deadfreeze in forum Spyware / Adware
    Replies: 52
    Last Post: September 1st, 2004, 05:23 PM
  3. Spybot S&D - Spyware Blaster
    By netspyder in forum Spyware / Adware
    Replies: 6
    Last Post: May 9th, 2004, 07:03 AM
  4. Spybot S&D
    By AngelicKnight in forum Spyware / Adware
    Replies: 11
    Last Post: January 6th, 2004, 03:13 PM
  5. Problem with Spybot S&D
    By cutty in forum Newbie Security Questions
    Replies: 9
    Last Post: October 16th, 2003, 08:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •