Spybot - Search & Destroy +AV 2.3 Review
Modern antivirus programs don't just hunt down viruses: They actually handle all kinds of malicious software. The free Spybot - Search & Destroy tool aims to supplement your antivirus by detecting spyware and other low-risk malware that an antivirus might miss. For the full Spybot experience, though, you'll want Spybot - Search & Destroy +AV 2.3 ($25.99). It does offer real-time protection and detection of all malware types, but it's not the best choice.
Most modern antivirus products strive for an integrated approach, putting all necessary functions at the user's fingertips. Webroot SecureAnywhere Antivirus (2014) is an extreme example; you'll find exactly one file in its program folder. Spybot has gone the other way, fragmenting its features into nearly 40 distinct executable modules.
The main Start Center communicates with those modules using command-line parameters, and much of the help system is devoted to those parameters. I doubt many users are interested. Each time you invoke one of the program's features, it launches a new program, and that makes for a noticeable lag.
Shared Features
Spybot +AV replaces the scan-only, spyware-only protection of the free Spybot with a full-scale antivirus that scans for all kinds of malware on demand and in real time. It shares a number of other features with the free edition. You should read my review of Spybot - Search & Destroy 2.3 for full details on these shared features.
Spybot's rootkit scanner detects rootkit activity by seeking files and Registry items that aren't visible to Windows. A quick rootkit scan runs in seconds; the deep scan takes quite a bit longer. It will also scan for and remove "usage tracks," meaning traces of your computer and Internet usage. And it will optionally configure all your browsers to reject third-party cookies, which can be used by advertisers to track your surfing.
The Immunization tool fills your HOSTS file and your browser blacklists with a list of more than 15,000 known malware-hosting URLs. However, the list itself says it's "Copyright 2000-2010," so it may well be four years out of date.
In Advanced User Mode, you can click Report Creator to build a report that will help tech support diagnose any problems. You also must be in advanced mode to access the program's settings. Clicking Startup Tools brings up an exhaustive list of every program that launches at startup, from any location. You can generate two kinds of startup logs for analysis by tech support.
I was surprised to find the OpenSBI Editor tool in the free edition. This tool lets you design your own malware signatures...if you happen to be a trained Spybot expert.
I launched every single one of my malware samples and noted Spybot's reaction. A small progress bar on the desktop showed up when it was scanning each file. On detection it popped up a window with four buttons: Cancel, Quarantine, Block, and Allow. In every case I chose Quarantine. I haven't figured out precisely the difference between Cancel and Allow. My own thought is that the antivirus should automatically quarantine actual threats, only asking the user about low-risk "potentially unwanted programs."
Choosing Quarantine opened a window showing Spybot's cleanup progress. This window was frequently unresponsive, to the point where it would not redisplay if another window passed over it. However, it did eventually finish in every case.
The first time I ran this test, Spybot detected precisely none of the samples—a big fat zero. I checked with support and learned that they'd had an issue with updates. When I ran the test again a couple days later, Spybot detected 83 percent of the samples and earned 8.3 points for malware blocking. Kaspersky Anti-Virus (2014) took just 8.2 points in my tests, but it gets absolutely stellar ratings from the independent antivirus labs. Alas, the labs I follow don't include Spybot in their tests, so it can't get a boost from their results. VIPRE Antivirus 2014 and Comodo Antivirus 7 both managed 100 percent detection in my malware blocking test.
Before running my malicious download blocking test, I ran an Immunization scan. The Immunization feature is designed to prevent all access to known malware-hosting sites. I also enabled the Spybot proxy, which "protects you against malicious websites and cookies systemwide." Spybot applies "special scrutiny" to files in folders you identify as download directories, so I made sure to put my download directory on that list. Then I began the test, which involves launching very fresh malicious URLs supplied by MRG-Effitas.
After downloading 50 malicious executables without a peep from any of Spybot's components, I concluded there was no point in continuing to the usual 100. As noted earlier, Spybot's real-time protection doesn't kick in until the file launches. So, I launched each downloaded sample to see what Spybot would do. It detected exactly four of the 50 files; not very impressive.
The chart below summarizes both tests. For more details on my testing procedure, see How We Test Malware Blocking.
[Chart: Spybot - Search & Destroy +AV 2.3 Malware Blocking Chart]
Two new Advanced Tools are enabled in the Professional edition. The Secure Shredder will overwrite files 1, 7, 35, or 100 times, and comes with some handy presets to shred things like temp files and browser cache files. System Repair scans your Registry for useless and erroneous entries. When the scan finishes, you can choose to delete or repair selected items. Be warned; if you choose the repair option, you will have to step through the entire list, one item at a time, and make manual corrections or deletions. Most users will just choose "Delete all" and be done with it.
Professional Tools
The OpenSBI Editor, mentioned earlier, resides in the Professional Tools section, as does the Script Editor. No average user should even consider attempting to use these tools. Even an antivirus analyst might be hard-pressed to figure them out, as they're very Spybot-specific.
Spybot's Phone Scan scans your iTunes folders for iOS-based malware—that's something I haven't seen before. The Boot CD Creator, as its name implies, creates a bootable CD that you can use to run Spybot on a system that won't boot Windows. It's more awkward than most similar features in that it requires you to first download and install Microsoft's Windows Automated Installation Kit (WAIK).
In situations where malware interferes with Spybot's operation, the Repair Environment offers a separate desktop that's insulated from most opportunities for interference. If you're lucky, a Spybot scan in the Repair Environment will solve the problem.
If you don't need quite this many advanced tools, consider the Home edition, which costs half as much as the Professional edition reviewed here. It still has full-scale antivirus protection, but it lacks Phone Scan, System Repair, Secure Shredder, and Boot CD Creator.
You Can Do Better
Spybot - Search & Destroy +AV 2.3 is a full-scale antivirus utility, unlike its free cousin. It's just not a very good antivirus. The presence of a flotilla of bonus features can't make up for that, especially because many of them require more technical skills than most users can muster. You'll pay a little more for one of our Editors' Choice antivirus products (Webroot SecureAnywhere Antivirus (2014), Norton AntiVirus (2014), or Bitdefender Antivirus Plus (2014)), but you'll get much better protection. If cost really is a problem, AVG AntiVirus FREE 2014, our Editors' Choice for free antivirus, will still do a better job.
PROS
Includes on-demand scanning and real-time protection against all types of malware. Can create reports for tech support. Immunization tool blocks known malicious URLs. Startup analyzer. File shredder. Rootkit scan. Registry repair. Boot CD creator. Repair environment. Scans for iOS malware in iTunes.
CONS
So-so results in malware blocking test. Failed malicious downloads test. Some advanced tools totally unsuitable for normal users. Immunization tool is out of date. Modular design causes noticeable lag in response. Many components awkwardly designed.
BOTTOM LINE
Unlike its free spyware-only cousin, Spybot - Search & Destroy +AV 2.3 is a full-scale antivirus, with on-demand malware scanning and real-time protection. It just didn't do well enough in testing to earn our recommendation.
Original Article http://uk.pcmag.com/spybot-search-destroy-av-23/32586/review/spybot-search-destroy-av-23