If you use Spybot-S&D's realtime protection against spyware, nasty spies will not enter your system. Currently there are three different kinds of protection.
The Immunize function prevents e.g. Tracking Cookies from entering your system. Immunize works with Mozilla Firefox, Internet Explorer and Opera, allowing you to adjust specific settings of the browser to block known spyware installers, (and similar baddies) already included in Spybot-S&D's database. You start the Immunize function by clicking on Spybot-S&D → Immunize on the left navigation bar.
Resident SDHelper is a second layer of protection for IE. Immunize function blocks installers by their ActiveX ID, while SDHelper blocks badware that tries to enter using a different method. Thus Internet Explorer cannot download bad files. You start SDHelper by clicking on Tools → Resident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkboxes next to Resident "SDHelper" (Internet Explorer bad download blocker) active in order to activate SDHelper.
Resident TeaTimer prevents unwanted files from being installed � no matter how � on your system. It monitors the processes called/initiated perpetually. If known malicious processes want to start, TeaTimer immediately terminates them, giving you three options how to deal with this process in the future:
* be informed when the process tries to start again
* automatically kill the process
* generally allow the process to run
There is also an option to delete the file associated with this process.
If something tries to change critical registry keys, TeaTimer will detect it. TeaTimer can protect you against such changes by giving you an option: You can either Allow or Deny the change. TeaTimer is always running in the background.
Since Spybot-S&D 1.6 the TeaTimer uses our database where known files are rated as good or dangerous. This database contains several hundreds of thousands entries and is enlarged continuously. Nonetheless now and then there are files which are not contained yet. In these cases and if you use older Spybot versions Resident TeaTimer will ask your permission for every change. If you are not sure if you should allow the change, there is a simple rule of thumb:
If you have been installing something and/or if you judge the file that is going to be installed as good because you know its name, you can proceed by allowing the registry change (same thing if you or Spybot-S&D were deleting an application). But if the message comes out of the blue sky while you were surfing the web, you should get cautious. In this case it is better to deny the registry change.
You start Resident TeaTimer by clicking on Tools → Resident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkboxes next to Resident "TeaTimer" (Protection of over-all system settings) active in order to activate TeaTimer.
Of course it is possible to revise each of your personal decisions. That could be necessary if you have denied some process which turns out as a good one later. You do so by right clicking on the TeaTimer symbol in the system tray - it is the blue one with the lock. (If you cannot see the symbol, it is probably hidden. Just click on the arrows in the system tray to show all hidden symbols.) A window appears where you have to click on Settings to modify your personal lists of registry changes and processes.