BeeThink SpyDetector 2.0

{rw_text}Giveaway of the day for December 25, 2008 is BeeThink SpyDetector 2.0.
[rssless]————————-{/rw_text} –>


  • Real-time protection.
  • Firewall and spyware protection in one program (HIPS)
  • Built in whois query.

{/rw_good} –>


  • Is not set by default to automatically start when Windows starts.
  • Is not detected by Windows as a firewall.
  • Software by unknown company.
  • Gives a (false!) warning about my blog =P.
  • Windows gives warning about un-registered driver/publisher.
  • Doesn’t actually remove the spyware/adware if it gets installed.

{/rw_bad} –>

{for=”Features as Described” value=”10″}As I mention below, I am not a security expert so I cannot truly test if this software properly blocks malware, but I give this a 10 anyway. WTHBBQ.
{for=”Ease of Use” value=”7″}Easy, but not very easy.
{for=”Usefulness” value=”10″}Who doesn’t need protection?
{/rw_score} –>

When installing this program, you may get warnings from Windows such as the following:

Messages like that occur because this software, more or less, has not been ‘certified’ or ‘registered’ to work with Windows – the publisher is unknown, therefore the driver cannot be trusted sort of thing. In order to use this software, you will have to pass this warning message. Usually these error/warning messages are meaningless in the sense that the software/driver most likely will not harm your computer. But that is not always the case and I cannot vouch for this software, because I have never heard of BeeThinks, so I will not recommend you to go further since there are free alternatives available (keep reading please).

Registration went well though – just run Activate.exe after you ran Setup.exe.

This program is, more or less, a firewall that is able to recognize spyware, trojans, adware, etc. That being said, this is what the program window looks like:

The program operates like many firewalls. Your open connections are displayed; detail is given about those connections such as port used and IP address. It also includes a ‘warning’ if SpyDetector thinks the connection is harmful. You can block individual connections, IP addresses, ports, etc. You have the ability to create ‘rules’ were you can mass block IP addresses, ports, etc. You can view your connections by each open connection (Session Mode) or by each packet sent/received by your computer (Packet Mode). With these traditional firewall features, BeeThink SpyDetector 2 is able to detect malware. By my understanding, SpyDetector does this by studying your ‘normal’ network/internet activity and if any action deviates from the norm, SD labels it as malware. But I am no security expert so I may be wrong on how it works exactly, nor can I comment on how well SpyDetector 2 works in detecting malware. Bottom line is that this program is a firewall + anti-malware protection. One thing to note, however, is that this program does not remove/delete malware if the malware actually gets on your computer. This program is supposed to detect and block malware before it gets onto your computer – this program offers HIPS protection. You will need an on-demand antimalware scanner to remove malware if you accidently get infected (scroll down to free alternatives).

When you run the program for the first time, be sure to do what the setup wizard says so you can get the program to work properly. I find it annoying that you have to close things like MSN messenger and let the program run for 20 minutes to setup. Can’t be on my messenger for 20 minutes, nooooooooo.

One feature I liked about this software is that you can look up the remote IP address your computer is connected to – a whois (who/what it belongs to). Right click on a connection -> Look up remote IP address.

That all being said, I have never heard of BeeThink before. I am not willing to trust an unknown company with the security of my computer especially if you consider the recent scareware episode where companies in the USA were shutdown for selling fake protection software. Not saying this software itself is bad, just saying…be sure you know the company you are trusting your security with.

Also, there are a few things I noticed:

  1. SpyDetector 2 is not set by default to startup on Windows boot. Yes I know I have complained about programs setting themselves up to startup on Windows load by default before, but this type of program, firewall + anti-malware, is one of those few programs that should start up when Windows load. To make the program start up when Windows loads, go to Tools -> Options -> General -> Start up. Check “Start automatically with Windows”.
  2. Windows (Vista Home Premium 32-bit) does not recognize SpyDetector as a firewall. Usually if you install a firewall onto your computer, Windows Security Center will recognize it as a firewall and turn off Windows Firewall (if you have it enabled). It will also recognize what firewall is enabeld if you look at Windows Security Center. However, this does not happen with SpyDetector 2.
  3. SpyDetector 2 gives a ‘red’ warning about my blog! Lame. I promise that my website does not secretly download spyware/adware/other crap onto your computer. Cross my heart, hope to die, stick a needle in his eye. At least I don’t think so XD.
  4. “Possible Backdoor.Nodelm, Backdoor.Hesive.B, Trojan.Esteems.C Attacks” is said for a lot of TCP connections – even those that are not given a ‘red’ warning. As I said, I am not security expert, but labeling something like 50% of my TCP connections with that warning really cuts into the credibility of this software.

Free Alternatives:

Real-time Protection

Spyware Terminator – comes with Crawler ‘Web Gaurd’ and ClamAV antivirus. I suggest not installing Crawler Web Gaurd (you have to uncheck the option when installing) and turning off ClamAV. Use Avira for the best free antivirus.


Spyware Doctor

On-demand Scanner

Ad-Aware 2008

Malwarebytes Anti-Malware


Firewall w/ HIPS Protection

Comodo Firewall (now Comodo Internet Security) – Internet security includes AntiVirus and Firewall. I suggest not installing the AntiVirus portion of Comodo Internet security. Just use the firewall. Use Avira for the best free antivirus.

Online Armor

PMnet Verdict: For a comprehensive firewall w/ HIPS protection, I suggest Comodo over BeeThink. Comodo is truly an award winning and time tested product that works. Regardless of what you decide, you should still consider getting on-demand scanners since BeeThink and Comodo cannot remove spyware/unwanted stuff (although Comodo Internet Security can remove viruses) if your computer is infected. For on-demand scanning, I suggest Malwarebytes because it has a fairly small footprint when compared to the others, but all three are excellent. For real time protection I suggest Threatfire (for 32-bit only!) but Spyware Terminator is excellent also – just be sure not to install the Crawler “Web Guard” toolbar (it is very annoying). Whatever you decide, remember to not get more then one real-time protection software because it will lag your computer. You can, however get Comodo + Threatfire because they have little to none conflict with each other.


Related Posts

  • reghakr

    I posted this very late on giveaway:

    At this late hour nobody will read this anybody, but I’ll post it

    From Beethink….

    I think the main purpose of BeeThink SpyDetector is network monitoring, it can even display suspect packet detailed contents by double-clicking it. If you try it, you will get more interesting things—some programmes which you trust have strange behavior.
    BeeThink SpyDetector is not a spyware remover tool. There are so many spyware remover tools out there.

    Most everyone here is missing the whole point, including me earlier.

    This is similar to an intrusion detection system. supposedly to analyze network traffic signatures by using signature analysis.

    It’s basically a packet sniffer with a whois lookup

    If you want a real packet sniffer, download Wireshark:

    You’ll also need WinPcap to use the program:

    My personal opinion:

    This type of program is of no use whatsoever on a typical person’s home computer. These programs are used in large corporations to prevent attacks such as Denial of Service attacks or buffer overflows that can bring down a server.

    It’s also used by law enforcement to track down the originating IP of the attacker.

    Trust me, I right on this one guys.

  • I don’t but do this:
    Download CCleaner. Run it.
    Download one of the three on-demand scanners. Run them.

  • misplaced_pollock

    thank you for hosting this site. Strangely enough I started getting massive popups after installing this program and a couple others. Are there programs out there that will monitor an installation and have it tell you exactly what was done during the installation?? ty for any help.

  • Giovanni,

    First of all, the software is only uploaded into softpedia and – it has not been ‘reviewed’ by anyone on there. Secondly, just because it is on and Softpedia does not mean that we are home free – all it means is that the software itself is mostly spyware free. That does not mean the driver is guaranteed to work and not screw up your computer.

    That being said, I would not install this on top of Comodo or Online Armor. Why? Well because there are big chances of conflicts and it is just overkill.

  • giovanni

    Hi Ashraf,

    just a short note to inform you that I’ve just emailed the developer of this SW ( asking him the same questions I made in the forum.

    In fact, as you can see from the GAOTD forum, he sent a strange message in which he said that this application at the moment is neither a PERSONAL FIREWALL in the proper sense of the term nor a REMOVAL SPYWARE TOOL but just a NETWORK TRAFFIC MONITORING TOOL capable to give you precious information about HACKERS ACTIVITY on your system that many (free or even professional) Personal Firewall fail to give you, such as the hackers’ IP addresses or even the EMAIL addresses where hackers send your data to.

    So maybe you’d better change the FREE ALTERNATIVES mentioned in your review focusing your attention more on FREE NETWORK MONITORING TOOLS (if any) rather than on PERSONAL FIREWALLS, ANTISPYWARE or HIPS programs.

    What do you make of it, mate?

    But since this GAOTD, according to its developer’s words, still misses out several Personal FIREWALL features (I’ve just asked him which ones they are) why not add BeeThink SpyDetector 2.0 (just 1.6 MB so not heavy at all) to COMODO or whatever else FIREWALL so as to get more information about any possible spyware activity on our network which other FREE Personal Firewall usually fail to deliver?

    As far as you know does it enter into conflict with COMODO or other good firewall such as ONLINE ARMOURED?

    After all, if you think about it, the award-winning Personal Firewall COMODO doesn’t show users the EMAIL addresses where hackers send their data to, don’t they?

    Finally as for as the warning Windows messages are concerned if I were in your shoes I wouldn’t be so worried given that this SW has been published and reviewed on renowned and reliable websites such as SOFTPEDIA and CNET DOWNLOAD.COM for instance.

    So not exactly an unknown or even a suspicious program as you said at beginning of your review.

    What do you make of it?

    Waiting for your feedback!

    Merry Christmas from Italy!


    P.S. Your screenshots are really very good and stunningly clear: just out of curiosity, which program are you using to take them?

  • giovanni

    Hi Ashraf,

    First of all Merry Christmas to you and your family!

    As I already said in the GAOTD forum this application has been reviewed in several PC magazines and professional renowned websites such as SOFTPEDIA, for instance, getting a GOOD rate from its users who have paid 30 bucks to install it:

    Nice and detailed SCREENSHOTS of the program can be found here:

    As you can see from the SOFTPEDIA review BeeThink SpyDetector 2.0 works not only as an Antispyware but also as a FIREWALL as it enables users to monitor network activities in real time even letting them know the remote IP address and ownership information of thoese would-be hackers who are trying to enter into your system to spy on you.

    With this application you can also protect your computer by setting firewall rules such as remote address, port, protocol, users’ black list and white list exactly, as we usually do with more famous FIREWALLS such as ZONE ALARM or COMODO, but you can also collect spyware tracks thanks to a nice feature that records each packet passing through your PC and even more you can even track where your stolen data are going to because BeeThink SpyDetector displays email addresses where hackers send your data to.

    Does COMODO have all these features? It seems to me the answer is NOT but maybe I’m wrong because I’ve installed COMODO just a few days ago….LOL!

    So in my humble view it’s not a bad (and unknown) product at all and since it’s exceptionally FREE today why not give it a try?

    If a product is less known than others it doesn’t necessarily mean that it’s CRAP…LOL!!!

    And what about the RAM USAGE? Have you seen how much RAM this GAOTD eats in compraison with COMODO FIREWALL?

    COMODO is probably the best FREE FIREWALL available on the web but eats a considerable amount of resources, doesn’t it?

    Having said that I believe that for people like me who run COMODO as FIREWALL (but the new ONLINE ARMOR FIREWALL appears to be even better than COMODO as FIREWALL and HIPS program: have you ever heard about it?) and AVIRA ANTIVIR PERSONAL FREE ANTIVIRUS with active WEB GUARD as AV this kind of applications are pretty useless unless you have lots of spare resources on your PC to use which unfortunately is not my case.

    What do you make of it Ashraf?

    Moreover I already have a fabulous ANTISPYWARE running in my PC with Double realtime protection and behavior-based detection (Malware-IDS) called A-SQUARED ANTIMALWARE 4 which has repeatedly been awarded as the best ANTISPYWARE currently available in the market (much better than those mentioned by you..:LOL!).

    It keeps your PC free from Trojans, Viruses/Worms, Keyloggers, Dialer, Rootkits and Spyware/Adware in REAL TIME with the power of two major scan engines!

    Of course it’s not FREEWARE but I was able to get it for FREE here when it was given earlier by GAOTD a few months ago (last August, if I’m not mistaken…what about you??), so if I were in your shoes I’d wait for it because it’s likely to be offered for free by GAOTD once again soon…LOL!

    And just a few days ago the same DEVELOPER has released a NEW FREE VERSION of A-SQUARED 4 which uses the same scan engines for the Scanner used by the SHAREWARE version A-SQUARED ANTIMALWARE 4 so the only difference is that the FREE VERSION doesn’t have the behavior blocker module (Malware-IDS) which this GAOTD instead has!!

    So a fabulous DETECTION and REMOVAL TOOL ON DEMAND ready to be used!

    You can find all information of this astounishing FREE product here:


    Alternatively why not use the A-squared Commandline Scanner (best results in SAFE MODE):


    Let’s have a try in Safe Mode where most malicious programs can be caught ’sleeping’ as Windows loads only system-critical services: you have no idea what this stunning TOOL can find!!

    Other good FREEWARE ANTISPYWARE capable to make a deep scansion ON DEMAND of your PC are MALWAREBYTES’ ANTIMALWARE, as you rightly said in your review (but be careful when you update the program as its MIRRORS have recently encountered lots of troubles to UPDATE its SIGNATURES DATABASE), and of course the more famous and Award Winning SPYWARE DOCTOR (downloadable for FREE from GOOGLEPACK), one of the best ANTISPYWARE products I ever seen even though it uses too much CPU and RAM resources to my tastes (so not suitable for PC with low RAM and old CPU like mine).

    Finally, as for as the HIPS programs are concerned besides THREATFIRE I suggest you having a look at the following ones:

    – ProcessGuard Free

    – WinPatrol

    – Samurai

    (very GOOD PROGRAM despite being pretty unknown:

    – Comodo BoClean

    (excellent HACKER PROOF SW:

    – ArovaxShield

    – System Safety Monitor PRO, exceptionally FREE here:

    Just fill in the form to get the free lifetime unlimited license key of the PRO version. The key will be emailed to any regular (paid or free) license holder via email.Excellent product for what it does.

    But if you have no time to learn how to use the above mentioned programs why not try the sandboxes HIPS you strangely didn’t mention in your detailed review, which are much easier to understand and use with no frills.

    The best ones I know are:

    – Sandboxie
    – GeSWall
    – SafeSpace

    Cheers from Italy and once again MERRY CHRISTMAS and Happy New Year!!


  • GAOTD Lover

    Aren’t bees those little harmless things you see outside making honey, not software developers?

    (unless it’s the OTHER kind of bee… the small agile ones that are really poisonous…?)