Re: Spybot and BHO
From: JD (Erehwon_at_Example.com)
Date: 03/27/05
- Next message: indiana: "Firewall Rules"
- Previous message: Rick T: "Re: MS05-002 on 9x and ME"
- In reply to: Vanguard: "Re: Spybot and BHO"
- Next in thread: Vanguard: "Re: Spybot and BHO"
- Reply: Vanguard: "Re: Spybot and BHO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Mar 2005 22:13:07 -0800
You've given me a long and thoughtful reply, for which I am deeply
appreciative. I will study it.
On quick reading, it appears that you're advising against having that BHO
"enabled." Not very useful and where it might be, redundant. I have noted
its tendency to flag cookies.
<Vanguard> wrote in message news:w8qdnSzyW9zD2NvfRVn-uw@comcast.com...
> "JD" <Erehwon@Example.com> wrote in message
> news:%23BcnpfmMFHA.3960@TK2MSFTNGP12.phx.gbl...
>> So do I correctly infer that the "immunize feature" is protection against
>> malware, so that a system scan should never find any?
>> Is it your view that enabling this feature is a good idea, or is it ever
>> problematic? If the latter, how does one disable it--short of
>> uninstalling and reinstalling Spybot?
>
>> <Vanguard> wrote in message news:YvSdnZqJjPa7c9jfRVn-rg@comcast.com...
>>> "JD" <Erehwon@Example.com> wrote in message
>>> news:%23GlGiPlMFHA.3228@TK2MSFTNGP12.phx.gbl...
>>>> I just installed Spybot S+D, and I notice that a BHO called "Bad
>>>> download blocker" was installed in IE.
>>>> I don't see anything about this in Help, and I'm curious as to what
>>>> this add-on does.
>>>> Is it a "real time" protection of some sort? Will it prevent the
>>>> downloading of malware?
>>>> Additionally, I wonder if someone can enlighten me regarding another
>>>> BHO. This one is called Research, and it shows no name under Publisher
>>>> and none under File name.
>>>>
>>>
>>>
>>> You enabled the Immunize feature in Spybot, so you told Spybot to
>>> install its BHO.
>>>
>>> Use BHO Demon to list the BHOs that are installed. They also have a
>>> database of known BHOs and maybe yours is one of them, so it will show
>>> some vendor info for the BHO in its display listing the BHOs.
>
>
> Catching changes is not the same as scanning files. Changes are current.
> That won't detect an existing infection. Spybot's Immunize feature does
> not block against spyware infiltrating into your system. It adds sites to
> the Restricted Zone to neuter them when visited with your browser. It
> also adds cookies to the Block list so that those that Spybot deemed "bad"
> don't get put onto your hard drive - but there are better methods of
> managing cookies than using someone else's blacklist. The Immunize
> feature also adds registry entries known as kill-bits to block the
> execution of "bad" ActiveX controls, but SpywareBlaster is better for
> that. However, unlike what Spybot and SpywareBlaster claim, the use of
> kill-bit registry entries does NOT prevent the installation of these "bad"
> AX controls but only in them getting registered and being used (and not
> from preventing them from actually existing on your drive). Adding
> domains to the cookie block list, adding domains to the Restricted Sites
> list, and adding registry kill-bit entries to thwart the execution of AX
> controls are all static functions and don't require Spybot's BHO.
>
> According to Spybot's own help about its Immunize feature, "This is a
> second layer of protection for IE. While the Permanent Immunity blocks
> installers by their ActiveX ID, this one blocks anything that should come
> through by different aspects. You can view a log of blocked installers in
> the Tools / Resident section." By different aspects? Oh yeah, that's
> informative. The option reads, "Enable permanent blocking of bad
> addresses in Internet Explorer". Of the times that I have seen its
> Immunize BHO alert, it was for a cookie from a site on its "bad" list. It
> doesn't look like the BHO exercises any of the spyware signatures against
> an AX control download but instead just looks at the domain from which it
> originates (and probably claims it is a bad AX control if it came from a
> bad domain which means AX controls from other sites are allowed despite
> being bad or good). Personally I don't care just about the "bad" domains
> proliferating their BHOs but also want to monitor BHOs coming from non-bad
> domains. Configure the Internet security zone to always prompt when a
> site wants to download an AX control. Use BHO Demon to list the BHOs and
> use its database of known good and bad BHOs to let you identify the ones
> that are installed. Actually scan for malware.
>
> Spybot has its TeaTimer utility which acts as an IDS (intrusion detection
> system) but it isn't that effective. Use Prevx instead (the Home version
> is free) but knowing what the alerts mean requires initiative and is not
> something for newbies.
>
> --
> ____________________________________________________________
> Post your replies to the newsgroup. Share with others.
> E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
> ____________________________________________________________
>
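Added example, not part of the original posts: a PowerShell audit that lists the registered BHOs with their DLL and signer (the "no Publisher, no File name" question in the thread) and reports which kill-bitted ActiveX CLSIDs are still registered with a DLL on disk. It assumes the standard IE registry locations; the function names are hypothetical.

```powershell
# Added example (not from the thread). Standard IE registry locations; helper names are hypothetical.
$bhoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$killRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$killBit  = 0x400  # "Compatibility Flags" bit that makes IE refuse to instantiate the control

function Get-ComServerInfo {
    param([string]$Clsid)
    # Resolve a CLSID to its friendly name and in-process server DLL, if it is registered.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
    $name = $null; $dll = $null
    if (Test-Path -LiteralPath $key) {
        $name = (Get-Item -LiteralPath $key).GetValue('')
        if (Test-Path -LiteralPath "$key\InprocServer32") {
            $dll = (Get-Item -LiteralPath "$key\InprocServer32").GetValue('')
        }
    }
    [pscustomobject]@{ Name = $name; Dll = $dll }
}

function Get-InstalledBho {
    # One row per BHO: CLSID, friendly name, backing DLL and Authenticode signer (blank if unsigned).
    if (-not (Test-Path -LiteralPath $bhoRoot)) { return }
    Get-ChildItem -LiteralPath $bhoRoot | ForEach-Object {
        $info = Get-ComServerInfo $_.PSChildName
        $signer = $null
        if ($info.Dll -and (Test-Path -LiteralPath $info.Dll)) {
            $signer = (Get-AuthenticodeSignature -LiteralPath $info.Dll).SignerCertificate.Subject
        }
        [pscustomobject]@{ Clsid = $_.PSChildName; Name = $info.Name; Dll = $info.Dll; Signer = $signer }
    }
}

function Get-KillBittedControl {
    # CLSIDs carrying the kill-bit, and whether the control is nevertheless registered and on disk.
    if (-not (Test-Path -LiteralPath $killRoot)) { return }
    Get-ChildItem -LiteralPath $killRoot | ForEach-Object {
        $flags = $_.GetValue('Compatibility Flags')
        if ($flags -is [int] -and ($flags -band $killBit)) {
            $info = Get-ComServerInfo $_.PSChildName
            [pscustomobject]@{
                Clsid           = $_.PSChildName
                StillRegistered = [bool]$info.Dll
                DllOnDisk       = [bool]($info.Dll -and (Test-Path -LiteralPath $info.Dll))
            }
        }
    }
}

Get-InstalledBho | Format-Table -AutoSize
Get-KillBittedControl | Where-Object { $_.DllOnDisk } | Format-Table -AutoSize
```

On 64-bit Windows the 32-bit view of both keys lives under SOFTWARE\WOW6432Node and needs a second pass with those paths.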