Internet Agent Puzzle

[Guest]

In Real time protection/Internet Agents/Internet Events, it says there is
one where I " decided to allow the trusted site 139mm.com to Internet
Explorer." As far as I am aware I did not do this. The site appears to be a
chinese one. Ive been to my Trusted Sites in IE and it is not there. (I have
no Trusted Sites in IE). What made the Beta put in this entry? And if it was
an accident on my part, how do I reverse the "decided to allow.?"

 

[Bill Sanderson]

There are some bugs which reverse the trusted and forbidden descriptors in
these messages.

Is this site in your blocked sites list in IE?

 

[Dave M]

From Andy in the 'general' forum of 9/30:
It may just be a false positive if you have Spybot Search
& Destroy installed, there is a issue where MS Antispy
detects sites added to the restricted zone and displays a
warning that its trying to enter itself into the trusted
zone, Ive seen this myself last week when I asked someone
to install Spybot and enable the immunize feature, they
got a warning saying 139mm was trying to enter itself
into the Trusted Zone.

Here's a support page from MS that explains this:

http://support.microsoft.com/?kbid=902956

I can't get to the above site or it's moved location to display right now,
but if it's false it should be in the next set of signature updates. You
don't want to go to 139mm... ugly,

 

[Dave M]

Taking that back about the update fix. The site is up now...
http://support.microsoft.com/?kbid=902956
and it appears to be a known bug with MSAS, provided you're running Search &
Destroy
with immunizations enabled, though I'm not certain are using it. Let us
know...

 

[Guest]

tks for the replies. Yes I am using Spybot Search and Destroy. So that might
explain it. Also, I have put the 139mm.com in my Blocked Sites, just in case.
(though ive no evidence that this is a dangerous site).
Tks again and for the link which I will read.

 

[Guest]

Having read the KB article, Im not sure that is quite the same is it? I have
the site as being allowed by myself and have no memory of doing it. Dont
understand why it wouldnt appear in my Trusted Sites list either, when the
Beta refers to it as a Trusted site.

 

[Dave M]

Though I don't use Spybot, I do use Spysweeper which does sort of the same
thing but in a different way, they add malicious site entries to the Host
file that direct you back to your local machine if you attempt to go to one
of these sites. What I got from the article was, that Spybot added such
sites to the Restricted sites list, but MSAS incorrectly interprets it as
being added to the Trusted sites or at least neglects to differentiate the
Inoculation addition correctly (bug - or the result of late night coding).
Check and see if it's really not in Restricted. This should be fixed with
the appearance of Beta2.

 

[Guest]

tks dave.
Do you mean check in Spybot to see if its in the Restriced Sites? If so, yes
ill do that. Ive already looked in my IE blocked sites and it wasnt there
originally but I have put it there manually (just in case). Appreciate the
explanation. Its a weakness of the Beta that when it does thing, it often
doesnt explain very clearly what its doing and I believe is beyond the
comprehension of most (average) users.

L

 

[Dave M]

I meant in Internet Explorer itself /Tools/Internet
Options/Security/Restricted sites/ click Sites

 

[Guest]

no bill the site was not in there. but i put it in manually

 

[Bill Sanderson]

Not sure what happened--but putting it in there is what was intended, I
believe.

--

 

[Guest]

By the way Dave M, I did try to go to the 139 site to see what it was. (silly
me) It was all in chinese. I didnt stay long and ran all my spyware/AV checks
afterwards just in case. As I said, its now in my blocked sites anyway, just
in case.

 

[Dave M]

LOL... toldyah!!!
Actually, I looked at it in the Googled translation... Chinese kiddies.
Let's get Chairman Mao back in there, and clean up this stuff, those little red
books never had spyware.

Which leads me to another subject...
Is anyone here using ehowes IE-SPYAD in conjunction with MSAS... and if so how
does it coexist? I've gotta think that it would have similar problems to the
Trusted/Restricted sites additions from Search & Destroy in the current Beta 1.
But I think it might be worth pursuing if anyone has some feedback on this.
Yes, I know another blacklist.

Howes site:
https://netfiles.uiuc.edu/ehowes/www/resource.htm

Regards, Dave

 

[Guest]

Same thing happened to me and now I would like to know if anything has
transpired in the various updates to allow the removal of that entry from the
"allowed" list?

 

[Dave M]

The "updates" to Beta1 appear to be a bit of a misnomer. Ms is putting their
re-coding effort into Beta2, not toward trying to fix Beta1. The only obvious
change to the "updated" code is in the expiration date of the Beta1 product.

Since this specified free product will make no direct money for Microsoft, I
would expect the development efforts here to have less priority than other
revenue producing applications. In other words we're going to have to wait for
Windows® Defender to see significant changes/fixes, and that won't happen until
the first half of 2006.