Being a fearless virus fighter is just
a tiny part of a modern antivirus tool’s job. Viruses don’t make money, and cashing
in is the name of the modern malware game. Trojans that steal bank accounts and
personal data are much more of a problem than viruses. Ransomware cuts to the
chase, encrypting your files and demanding payment to decrypt them for you. A
modern security tool must handle all types of malware. The free Spybot – Search
& Destroy tool aims to supplement your antivirus by detecting spyware and
other low-risk malware that an antivirus might miss. Spybot – Search &
Destroy +AV Home Edition aims to be a full-on antivirus, with real-time
protection against all types of malware. Our testing reveals that version 2.8,
reviewed here, falls significantly short of that aim.
This Spybot isn’t free, but it sure
isn’t expensive. At $15.99 per year it’s priced way below any antivirus tools
we’ve reviewed. Just under $40 per year is the most common price for a single
antivirus license. Bitdefender, Webroot, and Trend
Micro Antivirus+ Security are among the dozen that match this
price. It’s worth noting that Spybot licenses anti-malware technology from
Bitdefender, though my Bitdefender contact explained that licenses only the
basic antivirus engine, not any of Bitdefenders other protection technologies.
Most modern antivirus products
strive for an integrated approach, putting all necessary functions at the
user’s fingertips. Webroot
SecureAnywhere Antivirus is an extreme example—you’ll find exactly
one file in its program folder. Spybot has gone the other way, fragmenting its
features into nearly 50 distinct executable modules. The main Start Center
communicates with those modules using command-line parameters, and much of the
help system is devoted to those parameters. I doubt many users are interested.
Each time you invoke one of the
program’s features, it launches a new program, often requiring that you respond
to a User Account Control pop-up, or even two UAC pop-ups. That makes for an
awkwardly noticeable lag when launching tools.
In its default simple mode, Spybot’s
main window (called Start Center) divides into three large panels. Buttons in
these panels let you launch a scan, invoke the immunization feature (more on
that below), or check for updates. If you click the Show Details link at
bottom, the Start Center displays five Basic Tools. Checking the box for
Advanced User Mode adds icon collections for Advanced Tools and Professional
Tools. I’ll discuss those below.
Spybot +AV replaces the scan-only,
spyware-only protection of the free Spybot with a full-scale antivirus that promises
to scan for all kinds of malware on demand and in real time. It shares quite a
few features with the free edition. Please read my review of the free Spybot –
Search & Destroy for full details on these shared
A full scan using the free edition on
my standard clean test system took 23 minutes, quite a bit faster than the
current average, which is a bit over an hour. The scan found no malware,
naturally, but cleaned numerous traces of computer and browser usage. I
expected a slower scan from the enhanced detection in the Home Edition, and, indeed, it took 53 minutes. That’s still faster than the current average.
The Immunization tool fills your
browser blacklists with more than 200,000 known malware-hosting URLs. It also
uses the HOSTS file to redirect those URLs to localhost, meaning they won’t
load. However, in testing with real-world recent malware-hosting URLs, this
tool did absolutely nothing. My company contact confirmed, “Malware URLs often live only a few days, so URL blocking most often is outdated these days.”
In Advanced User Mode, you can
click Report Creator to build a report that will help tech support diagnose any
problems. You also must be in advanced mode to access the program’s settings.
Clicking Startup Tools brings up an exhaustive list of every program that
launches at startup, from any location. You can generate two kinds of startup
logs for analysis by tech support.
I was surprised to find the OpenSBI
Editor tool in the free edition. This tool lets you design your own malware
signatures, but only if you happen to be a trained Spybot expert.
Mediocre Malware Blocking
I follow regular reports from four
independent antivirus testing labs, but none of the reports include data on
Spybot’s capabilities. By contrast, eight of the products I follow show up in
test reports from all four labs, among them Avira
Free Security, Norton, and Kaspersky Anti-Virus. My aggregate
scoring algorithm awards these three 10, 9.8, and 9.7 points respectively, with
10 being the maximum. Not having lab test results doesn’t necessarily mean that a product is bad, but it certainly doesn’t inspire confidence.
The minimal access that occurs when
Windows Explorer retrieves the information necessary to list a file is enough
to trigger on-access scanning in some antivirus products, among them Norton and
Bitdefender. Others don’t launch a real-time scan until you click on the file.
Spybot is even more reticent. Like McAfee
AntiVirus Plus, it doesn’t run its analysis until the file is about
To test Spybot’s malware protection skills, I launched each of my
malware samples and noted its reaction. A small progress bar on the desktop
showed up when it was scanning each file. On detection it popped up a window
with four buttons: Cancel, Quarantine, Block, and Allow. In every case I chose
Quarantine. I haven’t figured out precisely the difference between Cancel and
Allow. I still think the antivirus should automatically quarantine actual
threats, only asking the user about low-risk “potentially unwanted
I did have an experience that Yogi
Berra might have described as “déjà vu all over again.” Several years ago, an
earlier version of this program detected absolutely nothing in the first round
of testing. I contacted the company and learned that they had “an issue with
updates.” It worked fine a few days later. This time, precisely the same thing
happened—zero detections at first. My company contact confirmed a bug, and the
updated version they pushed out a few days later solved the problem. I do
wonder how long the product went with no functional detection. Was I the only
one who noticed? How many customers continued surfing with a false sense of security?
Spybot caught 89 percent of the
malware samples at launch, preventing them from ever executing, and scored 8.9
of 10 possible points. That score is on the low side. Admittedly, Kaspersky and
Antivirus Plus also didn’t do so well against this collection of
malware. However, Kaspersky and Bitdefender get fantastic scores from the
independent labs, while Spybot has nothing of the sort.
I checked with my company contact
as to whether the Home Edition offers malicious URL protection above and beyond
the Free Edition’s Immunization system. He confirmed that it does not, and that it also
does not attempt to divert your browsers from fraudulent (phishing) websites. Kaspersky
and Trend Micro Antivirus+ Security achieved 100 percent detection in my
hands-on phishing test. If you choose to use Spybot, you’ll have to spot the
frauds yourself, or rely on your browser’s built-in protection.
My malicious URL protection test
uses a feed of malware-hosting URLs recently discovered by researchers at MRG-Effitas. I
launch each URL and, for those that aren’t already defunct, record whether the
antivirus steered the browser away from the dangerous URL, eliminated the
malware download, or sat idly doing nothing. According to one of the settings
pages, Spybot applies “special scrutiny” to files in folders that you identify
as download folders, so I put the test system’s download directory on that
list. Then I proceeded with the test
As with my test of the free
edition, the Immunization feature did nothing to block any of the dangerous
URLs. That makes sense, because these URLs are typically transient, not easily
handled by a blacklist-based solution. Spybot also did not examine the
downloaded malware, as far as I could tell, leaving me wondering about “special
Technically, Spybot earned a big
zero on this test. It did not block access to any URLs and did not eliminate
any malware downloads. I decided to give it a chance to show its mettle by
running a scan on the downloaded files. The File Scan warned that scanning so
many files might take quite a while, and indeed it took more than 15 minutes.
That was nothing compared to the
time required to remove those files detected as malware. Spybot proceeded with
such glacial speed that marked it as “Not Responding.” Checking with Task
Manager, I found that two Spybot processes were consuming 98 percent of CPU
resources or more. It took all afternoon to get through about five dozen files.
In the end, Spybot’s scan deleted
83 percent of the new malware downloads. Two-thirds of recent products scored
better than that. McAfee, Sophos, and Vipre topped this test, each with a
perfect 100 percent for protection. Vipre
Antivirus Plus stood out by blocking all access to 95 percent of
the dangerous URLs. Spybot could benefit by adding modern protection against
malicious and fraudulent URLs, and by actively scanning all downloaded files.
See How We Test Security Software
In its default simple form,
Spybot’s main window just offers three big panels with buttons to launch a
scan, run the immunization sequence, or check for updates. When you click the
Show details link at bottom right and then check the box for Advanced User
Mode, it gets quite busy with icons.
In this view the icons show up in
three sections: Basic Tools, Advanced Tools, and Professional Tools. In the
Professional edition, all the tools are enabled. Users of the free edition get
access to Report Creator, Settings, Startup Tools, Update, and Rootkit Scan
from the Advanced Tools group, and (strangely) to the OpenSBI Editor from the
This review covers the Home
Edition, the most logical for consumers. All the Basic Tools (System Scan, File
Scan, Immunization, Quarantine, and Statistics) are available, naturally. It
gets the same selection of Advanced Tools as the free edition. Access to System
Repair and Secure Shredder requires a Professional Edition license or higher.
The OpenSBI Editor, mentioned
earlier, resides in the Professional Tools section, as does the Script Editor,
which lets you write malware detection scripts…if you happen to be professional
malware analyst. No average user should even consider attempting to use these
tools. Even an experienced analyst might be hard-pressed to figure them out, as
they’re very Spybot-specific.
Spybot’s Phone Scan scans your
iTunes folders for iOS-based malware. It doesn’t literally scan your phone;
iOS’s intense internal security makes that pretty much impossible. In any case,
you need a Professional license or better to use it.
The Boot CD Creator, as its name
implies, creates a bootable CD that you can use to run Spybot on a system that
won’t boot Windows. When I last evaluated Spybot, I found the process more
awkward than most similar features in that it required you to first download
and install Microsoft’s Windows Automated Installation Kit (WAIK). I can’t
confirm that’s still the case, as this feature needs at least a Professional
license and I’m testing the Home Edition.
In situations where malware
interferes with Spybot’s operation, the Repair Environment offers a separate
desktop that’s insulated from most opportunities for interference. If you’re
lucky, a Spybot scan in the Repair Environment will solve the problem. And
hooray! Home Edition users do get access to this feature.
Now you know what upgrading to
Professional gets you. If you’re a security wonk who’d love to have those
additional features, you can pay $12 per year more to upgrade.
You Can Do Better
Unlike its free sibling, Spybot –
Search & Destroy +AV is a full-scale antivirus utility with real-time
protection against malware attacks. But it doesn’t protect against malicious or
fraudulent websites, it totally lacks validation by independent labs, and it
earned just so-so scores in our hands-on testing. The user interface is
unusually awkward, harking back to the program’s origins 20 years ago. It’s
inexpensive, but you get what you pay for.
Rather than rely on this awkward
utility, try one of our Editors’ Choice antivirus products. Bitdefender
Antivirus Plus and Kaspersky
Anti-Virus routinely top the charts in reports from the testing labs. Webroot
SecureAnywhere AntiVirus often tops our own internal testing, and it’s the
smallest antivirus around. And your single subscription to McAfee AntiVirus
Plus lets you protect every device in your household. Sure, you’ll pay more,
but you’ll get a great value.
If you just don’t have the cash, consider our Editors’
Choice for free antivirus, Kaspersky Security Cloud Free. It costs nothing, and
Spybot – Search & Destroy +AV Home Edition Specs
|On-Demand Malware Scan||Yes|
|On-Access Malware Scan||Yes|
|Malicious URL Blocking||No|