Three Minutes With Spybot's Creator Patrick Kolla
Patrick M. Kolla wrote Spybot Search & Destroy, a free download that is one of PC World's most recommended programs. Spybot is an anti-spyware scanner that finds and cleans out adware on your PC so your private information can't be transmitted. The software is so popular worldwide that user donations support Kolla's company, Safer Networking Limited, which he runs with part-time help from his father, Dr. Michael Kolla, and a group of computer science students called Team Spybot. Kolla, 26, lives in Germany 300 steps from the Safer Networking office that takes up a floor in his parents' home. An edited transcript of the February 23, 2004, conversation follows.
PC World: How do you define spyware?
Patrick Kolla: Well, it's some piece of software that the user doesn't know about that transmits personal information.
PCW: What got you interested in writing Spybot?
Kolla: I read an article in the German computer magazine c't about some of the first kinds of spyware, and found that my own computer was infected. Being a software developer, I decided it was easier to write a very small application to remove it instead of manually removing it. I had a question and mailed the editor of that article, who put my question with a link to my tool in c't's readers' section. From there on, people who were interested contacted me with problems and suggestions and helped me to improve Spybot.
PCW: How can you afford to keep Spybot as freeware (with donations accepted)? Why is it important to you to do so?
Kolla: Not many people donate, but those who do give enough to keep up the operation. It's simply a very good feeling to help people without having money as the primary reason.
PCW: How hard is it to keep Spybot up to date?
Kolla: I couldn't do it without Team Spybot. They collect system reports, gather samples of new threats, even do some work on the detection database.
PCW: Do you write other software in addition to Spybot? Is Spybot just a side project or is it your main job now?
Kolla: [Chuckles] Oh, well, it started as a small side project, but it is so large now that I don't have time for anything else at the moment. So even my father is helping me out with part of his time because it's just growing and growing and growing. My father does engineering work in the field of energy-saving solutions, though a lot of his time goes into helping my project. He had his office near our home since his first days as a freelancer, so I grew up spending a lot of time around the computers there, and learned a lot by watching and, of course, asking how I could help.
PCW: What do you do for fun?
Kolla: Fun? What's that? No, honestly... the work on Spybot is often fun. And I am preparing for a marathon in two months. In summer, I ride my 1978 Honda CX 500 motorbike. And I like to simply go to the pub, have a pint of Guinness, and get together with friends.
What to Watch For
PCW: What changes or updates can we expect from the next version of Spybot?
Kolla: One thing is much improved product support--we now can detect browser hijacks in Opera, in Mozilla, in K-Meleon; oh, in nine different browsers, I would say. I've also improved speed a lot in the new version. The most noticeable change is the user interface.
PCW: Is "spyware" in some cases, an unfair designation? What about software that does nothing more than track the number of times an ad has flashed in a program you've downloaded--no private information beyond your IP address (which any Web site can see when you go there) is transmitted?
Kolla: I wrote some guidelines for myself, which you can find here. The example that you mention would--if nothing else is found--only be called adware, and, as pure adware, would not be added to our detection database.
PCW: Exactly what private information is really transmitted with spyware--and is this information that is willingly (although unknowingly) entered by users, or is there spyware that really extracts things deep in a system's Registry and then transmits them to advertisers?
Kolla: It doesn't have to go deep into the Registry. The most common things transmitted are the URLs of pages that a user visits; sometimes even data the user enters into a form on a Web site.
PCW: How do you guys find new spyware? Do people come to you and say, "My computer's behaving strangely and I think it's spyware," or do you actively go out looking for it or both?
Kolla: Kind of both. People usually go to a bunch of support places all over the Internet and, well, we just go there, ask them to create some kind of system report, and from that, we request some files.
PCW: Tell me a little bit about the process of how Spybot evolved from being just a small tool into being this all-consuming project. Where was the spyware coming from, how many people were downloading the software, and what kind of feedback were you getting from users?
Kolla: When it started, there were only a handful of different spyware programs, and I would be happy to get to one or two or three each day. Then it really started spreading when broadband Internet access increased, and people started to use file-sharing applications.
PCW: You're starting to see exploits against other browsers. What are some other trends in spyware that you can talk about that you're starting to notice, new things that are happening?
Kolla: It's getting more and more similar to viruses, I'd say. When I started, it was quite easy to fix file names and spyware was kept the same for months. Now we've got random IDs, random file names, even random file contents, and multiple parts that will try to redownload the other parts if you delete something. One of the most dangerous trends would be [programs that disable] anti-spyware.
PCW: You were talking a little bit about how spyware is starting to resemble viruses. In the past year, several antivirus companies have started developing products that are supposedly going to do things similar to Spybot in the sense that they're going to search for and remove spyware applications on hard drives. Are you going to stop developing Spybot if they do that?
Kolla: No. I think I've got a good start, a few years of advantage. I'm using Norton Internet Security on my machine. I see dozens of spyware programs and open dozens of spyware files every day, and Norton only complains once or twice a week.
PCW: How many new spyware applications do you investigate every week or every month, and how many of those end up added into the program?
Kolla: I'm currently converting more [staff] people to the detection process because we're not keeping up right perfectly now, but it's still, I guess, two dozen products a week added.
Kolla says he's struggling with the problem of Web links that purport to take you to his site but instead take you to sites for software that you must pay for. His own site, safer-networking.org notes that one of those software packages even directs its users to him for support queries. He warns users to double-check what they are getting before they pay. Of course, Spybot is free. Kolla is also frustrated that when a user enters the name of his program into search engines, sites other than his own pop up.
PCW: We've been seeing that there are these misleading ads that have the word Spybot in the name and then you get to the Web page and it asks you to pay $30 to download something that may or may not do the trick. What advice do you have for people if they see advertising for anti-spyware software? What should they be looking for?
Kolla: I believe that good press, good reports, good recommendations from other users is the best way to reach the users. I'm not a big fan of advertising at all, but I would never buy anything that's advertised by spam. I would never buy anything that's advertised through pop-ups or pop-unders.
PCW: I've been following the issues of companies using the name Spybot in their advertising and domain registration.
Kolla: Yeah. That's truly the frustrating part of the work.
PCW: What are you doing to defend your good name?
Kolla: One thing is that about eight months or a year ago, someone (else) applied for the trademark Spybot in the United States. So internationally, I got some trademarks for Spybot and Spybot Search & Destroy, but in the U.S. there's this problem with [that existing application]; someone wanted to steal my name. One problem is finding a lawyer who will take up my case.
PCW: Seeing that your software is free, how do you pay for a lawyer in the United States? Is this coming out of your pocket?
Kolla: It has to, yeah. A few people donated in the past, especially for legal counsel, and some lawyers give me free advice, so a fee will be doable somehow.
PCW: Did you plan on becoming an anti-spyware software author when you grew up?
Kolla: No. It was never planned. It just happened. I didn't even believe that living on donations or that a freeware concept would be possible.
PCW: Do you have registered users or do you know how many users you have of your software? How many downloads?
Kolla: I don't spy on them. I don't keep track of that [laughter].
PCW: But you have to know how many downloads have been made of the program.
Kolla: I'll estimate it. I don't have statistics on all of the downloads, some 10 million. I'm not sure. Maybe 20 million, maybe 40 million. It's difficult to say.