Warning: Possible Bug in Spybot S&D.

Hope I'm not over-reacting here, but I may have discovered a bug in Spybot S&D v.1.3.1TX, which might have more general implications.

I wrote to Patrcik Kolla about it a couple of weeks ago, but had no reply, so draw your own conclusions.

Background: I have HandyBits Easy Crypto on my machine. It needs Teknum Updater to work, which Spybot lists as "Spyware" (Settings>Ignore Products>All Products Tab: also under Spybots Tab). With previous versions of Spybot, the weekly scan would pick-up Teknum, however, I would not delete it because Easy Crypto wouldn't work without it; instead, I used Kaspersky Anti-Hacker to deny Teknum access to the web, which kept Easy Crypto working OK, without any possible downside.

Problem: Since updating Spybot to v1.3.1TX (downloaded from this site), running my weekly scan produces the message "Congratulations--no spyware detected", yet Teknum is still on my system, and is still listed under All Products and Spybot Tabs, which have not been inadvertently ticked, which means that Spybot should still detect it, and not ignore it as it is doing!

Conclusion: If Spybot 1.3.1TX no longer detects Teknum when it should, could there be other nasties which it is not detecting but which we think that it is? Bears thinking about, doesn't it?

Be pleased to hear anyone else's views.

 

Hi Major,

I use Ad-Aware in my weekly sweeps too, which is also updated weekly, but it doesn't pick up Teknum Updater either -- neither does SpywareBlaster, nor SpySweeper -- Spybot was the only one that did(prior to v1`.3.1TX).

 

Hi Chaslang,

Thanks for link, though I know it of old. Never bothered with the stuff Tony spoke about though, because I've never had any probs with Teknum Updater on my system (unlike the guy who started that thread) as Kaspersky stops it having web access while enabling Handy Crypto to work OK.

But, whether Teknum is something one should have on one's system or not is a personal choice; the real issue here is that Spybot 1.3.1TX should recognise it but doesn't, though previous version of Spybot did.

However, in itself, I don't find this a problem (because I know that Teknum's there -- I installed it as part of Handy Crypto -- and I want to keep it there). The real question it raises is this: If Spybot 1.3.1TX now lets Teknum slip though undetected, what else is going undetected that we don't know about, and did not choose to install?

Makes you think, doesn't it?

 

Yes, version 1.3, but both version 1.3 and 1.3.1TX have Teknum listed as a Spybot, so the latest version should detect it. Vesion 1.3 detected it every week when I ran a scan (Teknum had been on my system for 6 months or more, so this was a regular occurence), but since installing version 1.3.1TX a few weeks ago, it's not detected anymore. The big question is: "What else is version 1.3.1TX not detecting?" So much so that I'm thinking of uninstalling v.1.3.1TX and reinstalling v1.3!

I don't know why the other apps I mentioned don't detect Teknum -- perhaps they don't have it in their libraries as spyware, but I haven't been able to find lists of what they do detect, so I cannot say whether they are overlooking it when they sould detect it, or overlooking it because they simply don't list it.

The moral from all this is surely that it's not enough to trust one spyware app alone, yet many people have nothing more that Spybot and/or Ad-Aware on their system.

Be nice if someone had a definitive answer to this one.

 

Yes, I run SpySweeper 3.20 once a week (the free version -- but every month or so, I uninstall, download again and reistall, which enables me to bring syware definitions up to date), but it doesn't pick Teknum up. Neither does Ad-Aware SE Personal 1.05, SpywareBlaster v3.2, or X-Cleaner free version, all of which are updated weekly and scans run afterwards.

However, Spybot and X-Cleaner are the only apps where I can actually see their lists of "malware", the others keep it a secret; interestingly enough, Spybot 1.3.1TX lists Teknum as a 'spybot', but X-Cleaner doesn't list it at all in its 'encyclopaedia'.

Months ago, when I first installed Easy Crypto (from a magazine CD), as soon as I launched it, the Teknum Updater component tried to gain web access, which Kaspersky stopped whilst it waited for my instructions. I did a Google search for Teknum, and came up with a lot of references to Teknum being spyware, one of the links you even gave in an early post, so the opinion out there in cyberspace is that Teknum is an unpleasant piece of sh*t that uploads info about one's system , and that it should be stopped. I then ran Spybot, either version 1.3 or the previous version, both of which listed Teknum as a 'spybot', and they detected it and asked me if I wanted to delete it. I kept it, for reasons previously stated, but denied it web-access.

So, like you, I have to think out loud, but I'm no nearer an answer. However, it's safe to make following statements of fact:-

• Teknum is loaded into one's system by Easy Crypto, and a number of other apps apparently, without your prior knowledge or approval.
• Teknum uploads info about your system and other unspecified things unless you block access to the web.
• Spybot 1.3.1TX, and 1.3, and (from memory) the previous version all list Teknum as a 'Spybot'
• Spybot correctly detected Teknum prior to version 1.3.1TX, and asked you what to do with it.
• Spybot 1.3.1TX should detect Teknum, but doesn't.
• X-Cleaner, is the only other app I use which makes its list of malware publicly accessable through the user interface does not list Teknum as a problem.
• Lots of guys have posted on web to say that Teknum is a problem.
• I don't know if Ad-Aware, or SpywareBlaster, or SpySweeper consider Teknum a threat, as their 'malware' lists are not visible through the user interface: incidentally, SpySweeper is the only one of all of the apps I've mentioned which picked up C-Dilla on my system; none of the others did, yet a simple Google search shows that a lot of people consider that is spyware too.

The conclusions I draw from this are:-

1. That there's a bug in Spybot 1.3.1TX, but I don't know if it is restricted only to failing to detect Teknum, or if other things could be getting by.
2. Never think that you're 100% clean, no matter how many spyware apps you have installed, update, and scan regularly with.

Seems like you agree with me, but I hope this thread has been of some use to somebody or other.

I