History - Spybot Anti-Malware and Antivirus : Spybot Anti-Malware and Antivirus

BrowsAlyzer in 2023

Safer-Networking demonstrates a pre-release of BrowsAlyzer.

Read more...

One unique feature of Spybot is it's outstanding support for the data within browsers - not just the main ones like Internet Explorer, Edge, Chrome, Opera and Firefox, but dozens of others as well. Spybot is able to do detailed scans in dozens of different browsers. There was an older tool called BrowserCI that kind of demonstrated this, but in 2023, Safer-Networking decided to wrap this up as a useful tool for all kinds of users. BrowsAlyzer allows a variety of searches among browser data, from tracking bookmarks to pre-defined searches of interest to parents or forensics.

Anti-Beacon 1.0 in 2015

Team Spybot releases Spybot Anti-Beacon 1.0 to stop the telemetry from Windows 10.

Read more...

First published on August 19th, 2015 as version 1.0, Spybot Anti-Beacon is a tool to block telemetry. When Windows 10 was released, the outcry about the massive amount of telemetry, compared to previous Windows versions, was huge. Just like with Spybot, Anti-Beacon was initially a small tool for his own use to disable Windows 10 telemetry. It had the working name Cut The Line before its release, referring to stopping the Internet connection. Since then, Anti-Beacon has grown to cover further categories of software that have also implemented telemetry, like office software, browsers, even antivirus applications.

Spybot 2.0 with Antivirus in 2012

In 2012, Spybot added realtime protection and an antivirus engine to cover a broaded range of malware.

Read more...

Spybot with its dedicated team always focused on spyware and anything directly threatening privacy, since there were already a bunch of good antivirus applications out there. Over the year though, antivirus companies entered the anti-spyware field as well. Many of the major antivirus products forced their customers to uninstall Spybot because of claimed incompatibilities, which were never named, nor could be reproduced by Team Spybot, but caused many Spybot users to abandon Spybot involuntarily. To make it possible for our users to have both the best anti-spyware and anti-virus protection, Team Spybot teamed up with the leading antivirus engine (found three times in the top three antivirus products of that years, and many more since then) and offered Spybot 2.0 with an integrated award-winning antivirus and real-time protect Patrick isn't really a fan of subscription based software for private use, but since we have to pay yearly fees for using this antivirus, paid yearly subscriptions for Spybot were created, named Spybot Home and Spybot Pro. True to the initial thought of everyone's right to privacy, Spybot Free (just without antivirus) was of course continued.

Spybot 1.6 and OpenSBI in 2008

Spybot 1.6 supports the new well documented open malware signature format OpenSBI.

Read more...

Spybot was intended to be an open system from the beginning. When Patrick was called by his university that his software was now using a third of the bandwidth of the whole institution, he had a great discussion with the computer science department and decided to provide Spybot as what was regarded as open source back then. While this does not fully fit todays definition of open source, Team Spybot published, along with the release of Spybot 1.6, an open format describing how to detect malware: OpenSBI. OpenSBI has a simple format to describe not just files, but dozens of system entity types, and Spybot includes a syntax highlighting editor to simplify its use. Additional tools like FileAlyzer create parameters in OpenSBI format as well, allowing everyone to enhance Spybot with individual signatures.

RunAlyzer in 2006

Multi Installation Autostart Manager RunAlyzer published to help with analysis autostart while booting from CD.

Read more...

One unique feature of Spybot was and still is that it is able to read the Windows registry of inactive drivers and users, making it the perfect choice to scan a system while booting from another drive or a CD to avoid active malware hindering the scan. In this context, manual autostart analysis was and still is important to forensics and people trying to self diagnose yet unidentified malware, so we created a tool that was able to display a wide range of autostart entries (and browser extensions) even for inactive drives, exporting this as HijackThis logs, and our own, more detailed, logs. It also introduces LASSHes, a kind of hash of startup entries that helps to quickly identify good system entries, since their LASSHes are known. This tool is also included under the name Startup Tools in Spybot itself.

FileAlyzer 1.2 in 2005

Team Spybot releases their file forensics tool FileAlyzer.

Read more...

Team Spybot releases the first public version of FileAlyzer, a tool from their forensic department to view and analyze file content. It is also able to create file attribute rules for the malware description language OpenSBI, which is an open source version allowing anyone to enhance Spybots detection capabilities. Another key feature is the display of anomalies that hint at malware. FileAlyzer is a good entry point at trying to unsderstand a wide range of file formats up to today.

Definitions of Terms, Anti-Spyware Coalition in 2005

Spybot is among the first members of the Anti-Spyware Coalition and a member of the working group to define what spyware actually is.

Read more...

The US based Center for Democracy and Technology initiated the Anti-Spyware Coalition to get some common grounds into the anti-malware industry, and Safer-Networking, the company behind Spybot, was among its first members. We were also a member of the working group that provided a commonly agreed upon definition of what spyware and similar terms actually mean.

RegAlyzer 1.0 in 2003

Safer-Networking publishes sophisticated registry editor with advanced features for power users.

Read more...

The Windows registry is a database every Windows computer uses as a data and configuration storage. It is a good place to search for indicators of malware, since it includes dozens of places where software that wants to autostart needs to register. The registry editor provided by Microsoft is very simple and missing a range of features that power users need, like a background search, easy to use bookmarks, tabs and more. Safer-Networking wrote RegAlyzer to improve their own forensic work.

Net-Integration in 2002

A dedicated support forum is founded with the help of an US-based volunteer. More volunteers appear.

Read more...

Until now, Patrick was mostly using some existing forums like Wilders Security to communicate with the community. With the help of Eagle1, Net-Integration became the first dedicated official support forum (Wayback machine archive). Our most loyal forum helper and team member Tashi was recruited to help with the Team Spybot forum community, and started managing support, training helpers, and doing everything to keep the forum flowing.

Translations in 2000

Spybot gets translated into 30 and more languages by volunteers over the following years.

Donations in 2000

Spybot was a free download (still is), but people started to ask if they can donate towards growing server and additional costs, so Patrick sets up a PayPal account and starts accepting donations from all over the world.

Team Spybot in 2000

Within a short amount of time, Patrick is answering a hundred emails a day, and needs help. Some Internet forums pick up his tool, and the first volunteers start to help supporting the software and finding more threats to counter.

The first customers in 1999

Patricks emails an author of German computer magazine c't, which prints his email as a readers letter, and readers start to ask for his software.

Read more...

German publisher Heise publishes an article about the first types of adware in their computer magazine c't, reporting about the nearly the same files Patrick has encountered. But there are some differences, and Patrick emails the author of the article about details. Not receiving a direct response, Patrick forgot about the software until he gets a few dozen emails within a day asking for his software. He checks where they come from, and finds out c't has printed his email, which mentioned his tool, as a readers letter. So as soon as the next magazine was in print, people come asking for Spybot.

The first software in 1999

After removing the same files multiple times, he writes a simple GUI with a button to remove the file the next time it re-appears. The first Spybot, still called some work in progress name back then, is born, and is a simply in-house tool.

Read more...

Patrick was active developing software back then, and was quick to find the responsible DLL file that downloaded the ads. Removing the file caused the software to display errors, so he wrote a replacement file that would accept commands from the software, but not do anything at all. Since the file came back after an update, he decided to have the most simple program, basically just a window with a button, to find and replace this file without the hassle of having to do it manually again. Over the next month, more software started to using adware, so the software soon had a list of a few dozen entries to check, and a list to display results.

The first adware in 1999

Patrick Kolla-ten Venne, a student of computer science is working from his fathers office and notices the dial-up Internet Connection to be connected regularly. He finds the culprit in some ads shown in a recently downloaded app, and removes it.

Read more...

Back in 1999 in Germany, Internet connections were usually metered, using dial-up with a modem (or later, DSL adapter). Software usually did not connect to the Internet unless the user specifically requested it - automated lookups for updates were not common for example, since each dial-up would cost the user. So this was a kind of post-AOL-CD and post-Compuserve, but pre-flatrate situation in Germany. In same of the rare local networks that already existed back then, Internet connections were established using a centralized router that dialed up automatically when requests where made. Dr. Kolla was an expert on networks back then (ranging as far back ashaving set up one of the first 20 MB (yes, that's no typo) NAS), and maintained a local Novell Netware network with such a router for Internet access for his company. Used to the old modem days where downloading a driver update from a BBS in the US with 8k modems, where efficiency was key to avoid having to pay more than 20 $ for a download, Patrick was optimizing the rare downloads using a download manager, which happened to have one of the first kinds of adware integrated (Aureate, Radiate and Cydoor). This download manager was downloading and displaying ads even when no downloads were running, causing repeated connections. Each connection was around 23 Pfennige (12 Euro cents), so one ad an hour during working hours could some up to 40 € per month just for a single software.