Het is al jaren lang een vertrouwde naam voor gebruikers die een oplossing voor hun spywareprobleem zoeken, en ook onze poll laat duidelijk zien dat SpyBot Search & Destroy nog altijd de populairste anti-spyware tool voor thuisgebruikers is. Wij interviewden de mensen achter de schermen en vroegen naar de nieuwste ontwikkelingen op het gebied van spyware en wat we in de toekomst van Spybot kunnen verwachten.
In the summer of 2000, Patrick got infected by some of the first pieces of spyware by using a popular download manager. In the July issue of the German computer magazine c't he then found an article with instructions to remove these infections which he found quite easy. But when the spyware returned and he also had to clean some friends' PCs he decided to write a little tool to automate the removal. This was the first, very small version of Spybot - Search & Destroy. When he sent a question to the author of that c't article the latter published Patrick's question instead of answering it. Thereupon, many readers asked Patrick if he could send them his tool. That way Spybot - Search & Destroy got his first users. As more and more spyware came up, Spybot-S&D - also with the help of some users sending in malware samples - grew and grew; and so did the group of users. From a small hobby Spybot-S&D has turned to a full time job. As Spybot-S&D was originally not even intended to be published it was, of course, not intended, not to mention expected, to become so popular.
Q. For most anti-spyware programs you have to pay, how is it possible that Spybot S&D is still free?
It is Patrick's strong conviction that software should be free. He could never demand a fee for his software for private use. The fact that Spybot-S&D can still compete with commercial companies that invest much more money in the development of their products is on the one hand due to the commitment of Patrick and all the voluntary helpers around the world. On the other hand it is due to the many users that did donate some money to the cause thus allowing Patrick not only to make a living but also to employ some professional (mostly sidejob) helpers (Team Spybot).
Q. Have there ever been attempts from commercial vendors to buy Spybot S&D? and could this happen in the future?
Yes, there have been several attempts by bigger companies to buy Spybot-S&D. But Spybot-S&D he has become kind of the project of Patrick's life and he will never give up this project.
Q. Do you think a free tool like Spybot S&D is just as good as a commercial anti-spyware application?
Recent tests show that Spybot-S&D can still compete with commercial products. While in some tests some commercial applications reveal better results, there are also tests where Spybot-S&D beats its competitors. This always depends on the selection of the malware products being tested. And there are always many commercial products that are far behind. Also, our Advanced Mode with its Tools section is something that most competitors do not offer.
Q. What kind of new spyware developments are happening right now and what can we expect in the future?
Spyware is getting more and more difficult to detect. Not only that it hides in system folders or changes its names. We also discovered that many malware products do not always behave in the same. So, if a user sends us a malware sample it is possible that on our test system this malware does behave in a totally different way or does nothing at all. Also, randomisation of file names, URLs and other attributes is quite common. As in the end we mostly manage to find a way to detect them anyway, I think that spyware developpers will put their efforts in making their products still more difficult to detect.
Q. A lot of spyware is installed through Internet Explorer (exploits). Could you say Spyware is an IE problem only?
No, Spyware is not an IE only problem anymore. In the past Internet Explorer's position was almost comparable to a monopoly position. And it is true that still many spyware products come in through security holes in IE. But since alternative browsers like Opera and especially Firefox have finally become more popular recently and are also far spread by now, a great part of spyware applies to any browser. Anyway, Opera and Firefox are still much safer than Internet Explorer.
Q. What is the first step in preventing spyware?
In my opinion it is most important for the user to be aware of the spyware threat. Alert and careful internet surfing does prevent a great part of spyware. As this is often not enough, you should use an alternative browser like Opera or Firefox, protect yourself with a firewall, have an anti-virus program and at least one anti-spyware tool installed and running. It is also very important to keep all of these as well as your Windows installation updated.
Q. Could you say that a dedicated anti-spyware supplier is better suited to fight spyware than a general security supplier who also happens to do anti-spyware?
Yes, I think that effective spyware fighting is only possible with a certain dedication. Spyware products have become so tricky and are developping so fast that dedication is vital to keep pace. However, there are certainly dedicated people working for general seurity suppliers.
Q. A lot of people are making a fuss about what the definition of spyware is. Shouldn't we be focussing on how to get rid of it?
A unified definition of spyware is very important in order to establish a basement for legal prosecution of spyware developpers. Right now there is no possibility to sue spyware developpers for any damage they did. With our company (Safer Networking Ltd) we ourselves are members of the Antispyware Coalition (www.antispywarecoalition.org) one of whose major aims it is to phrase a unified definition of spyware. However, detection and removal of spyware is still our main concern.
Q. Is there a regional difference in the way spyware spreads? Could you say for example that American users are more susceptible to spyware than European users?
In Europe and America the degree of awareness of spyware is roughly speaking on the same level. Thus the susceptibility to spyware is comparable. However, in many parts of Asia many are far less aware or concerned of the malware threat and therefore are usually more susceptible to spyware than Europeans or Americans.
Q. We've seen a couple of lawsuits where ad-ware providers sued anti-spyware suppliers because they removed the adware which was installed "legally". Shouldn't adware companies make it more clear to people that they're installing adware?
At least to German laws it is not sufficient to express the ad-/spyware features somewhere in a longer EULA. It has to be clearly recognizable for the user without having to read all the terms and details of the EULA.
Such cases are also a topic of the Antispyware Coalition. It is putting up a set of objective criteria to determine what actually defines malware as such. These objective are meant to help anti-spyware companies justify detections against such suits. However, the members of the ASC are not bound to these criteria.
For border line cases where we know that some software is malevolent but it is a to proof that it is spyware we have created the category PUPS (Possibly UnPopular Software) in Spybot-S&D.
Q. Microsoft has also entered the anti-spyware market through the acquisition of Giant Antispyware and is now preparing the launch of Windows Defender. What effect will this have on the anti-spyware market?
On the one hand this could raise the general awareness of spyware which would certainly be a good effect. On the other hand, people that are less aware might think that Windows Defender is enough and won't look for an alternative. It's hard to predict what effect this will have on the market but I think that the effect won't be too strong. It will put some more pressure on the other companies, but Microsoft will also have to proof their competence on the spyware sector (MSAS wasn't too convincing). All in all I think that Windows Defender won't revolutionise the market but anyway, the user might profit.
Met dank aan Florian Hohnsbehn voor zijn tijd en antwoorden
Deze posting is gelocked. Reageren is niet meer mogelijk.