SpywareBlaster and Spybot Search & Destroy.

[Charryl Chessman jr.]

In IE7 I have 'hardened' the Internet Security Settings considerably,
including disabling Active Scripting. Scripted websites which I absolutely
trust are added to Trusted sites. Among these are websites from highly
reputable financial institutions and Microsoft/Windows update sites.

This arrangement has been working for me just fine for a very long time.
However, recently some of these trusted websites do not open in the Trusted
zone anymore but instead trying to open in the Internet zone. Needless to
say that since Active Scripting is disabled in the Internet Zone the
websites won't open correctly.

I reset IE7 numerous times, always followed by enabling all (updated)
protections SpywareBlaster and Spybot S&D have to offer. The problem did not
go away.

Well, I reset IE7 again but this time without utilizing either
Spywareblaster and Spybot S&D and was pleasantly surprised that the websites
I added to the Trusted zone do open in accordance with my original settings.

I tested this arrangement by applying the protection/immunization facilities
(one at the time) provided by SpywareBlaster/Spybot S&D and same problem
recurred. To be sure, I conducted this test three times with the same
results.

Based on this, I am pretty certain that the protection/immunization
facilities of both Spywareblaster and Spybot S&D are causing this
occurrence.

I posted a write-up with respect to the above to
http://www.wilderssecurity.com/ and still awaiting a response.

In the meantime, could experts in this newsgroup please advise if it is
deemed to be essential utilizing applications such as Spywareblaster and/or
Spybot S&D for adding website to the Restricted zone?

What are the downsides for not using these services?

Are there other alternatives available?

TIA,
Charryl Chessman jr.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In IE7 I have 'hardened' the Internet Security Settings considerably,
including disabling Active Scripting. Scripted websites which I
absolutely trust are added to Trusted sites. Among these are websites
from highly reputable financial institutions and Microsoft/Windows
update sites.

This arrangement has been working for me just fine for a very long time.
However, recently some of these trusted websites do not open in the
Trusted zone anymore but instead trying to open in the Internet zone.
Needless to say that since Active Scripting is disabled in the Internet
Zone the websites won't open correctly.

<snip>

So at least one of them is adding a match to your site on the Restricted
Sites list. Which web site are you now experiencing problems with?

Both Spybot S&D (immunize) and SpywareBlaster perform similar functions,
although I believe only the latter inoculates against particular ActiveX
controls. There are no side effects to using both, as any overlap will have
no effect. I use both on many machines and have never experienced problems
before.

However, if you are using effective anti-virus, such as Eset's NOD32 or
Kaspersky, these measures are not necessary as you are suitably protected.
I would advise you still use Spybot/SpywareBlaster if you use any other
anti-virus system.


HTH,
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF5rny7uRVdtPsXDkRAo/PAKCCmqMbQH4zp02oOEnf4vgTWz3PYgCdE05m
+xgcBCctuuuEmThX5UvaxHk=
=XzNA
-----END PGP SIGNATURE-----

 

[Charryl Chessman jr.]

In-line response.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<snip>

So at least one of them is adding a match to your site on the Restricted
Sites list. Which web site are you now experiencing problems with?

The websites are:
1) http://www.guestmcleod.com.au or http://*.guestmcleod.com.au
2) https://www.visiweb.com.au or https://*.visiweb.com.au
3) https://personal.macquarie.com.au
4) http://www.macquarie.com.au or http://*.macquarie.com.au

Both Spybot S&D (immunize) and SpywareBlaster perform similar functions,
although I believe only the latter inoculates against particular ActiveX
controls. There are no side effects to using both, as any overlap will
have
no effect. I use both on many machines and have never experienced problems
before.

I too use both applications for many years without any problems. If I knew
how to roll-back the last 2 or 3 updates I probably could pin-point the
matching websites and remove them from the list.

However, if you are using effective anti-virus, such as Eset's NOD32 or
Kaspersky, these measures are not necessary as you are suitably protected.
I would advise you still use Spybot/SpywareBlaster if you use any other
anti-virus system.

I use Kaspersky (AOL's AVS). I am a carful surfer and practicing safe-hex.
I now feel more comfortable dumping both Spybot S&D and SpywareBlaster and
probably switch to SUPERAntiSpyware or Spyware Terminator.

CC jr.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The websites are:
1) http://www.guestmcleod.com.au or http://*.guestmcleod.com.au
2) https://www.visiweb.com.au or https://*.visiweb.com.au
3) https://personal.macquarie.com.au
4) http://www.macquarie.com.au or http://*.macquarie.com.au

I cannot find any of these sites on my Restricted Lists lists. It's
possible an update from one of the programs at some point listed them
incorrectly.

Have you tried disabling the immunization on both programs? I believe
reinstalling IE does not change the Restricted Sites list so you would have
to do the former to "clean up".

You mention you can get these web sites working again, you then immunized
with both programs and the problem recurred. You should be able to pinpoint
which of the programs is causing this by re-tracing your steps but testing
after using only one immunization.

If you cannot get the sites working again I'd suggest to check through the
restricted sites list manually to see if it contains any references to
these sites.
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF5/FG7uRVdtPsXDkRAssZAJ4lQYYROJhtw9YPCqW+4nJGH4M9DwCgji0V
4npzMItkjaI7899vOi1Scck=
=NxMy
-----END PGP SIGNATURE-----

 

[Charryl Chessman jr.]

In-line response.

I cannot find any of these sites on my Restricted Lists lists. It's
possible an update from one of the programs at some point listed them
incorrectly.

Yes, it's definitely a recent update. If I knew how to roll back the last 2
or 3 updates I possibly could pin-point the incorrect listing.

Have you tried disabling the immunization on both programs? I believe
reinstalling IE does not change the Restricted Sites list so you would
have
to do the former to "clean up".

IE7 has got a reset function which will clear all websites from the
Restricted Zone.

You mention you can get these web sites working again, you then immunized
with both programs and the problem recurred. You should be able to
pinpoint
which of the programs is causing this by re-tracing your steps but testing
after using only one immunization.

Done this already. Both programs are causing this.

If you cannot get the sites working again I'd suggest to check through the
restricted sites list manually to see if it contains any references to
these sites.

This is a monumental task. I'd rather discontinue using SpywareBlaster and
refrain from using the immunization function in Spybot S&D. I may even
consider dumping both applications and try SUPERAntiSpyware and/or Spyware
Terminator.

CC jr.

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a monumental task. I'd rather discontinue using SpywareBlaster
and refrain from using the immunization function in Spybot S&D. I may
even consider dumping both applications and try SUPERAntiSpyware and/or
Spyware Terminator.

In a command prompt have a look at the "reg" command, particularly export.
You can export it to a file for easy searching if you wish to continue the
investigation
- --
Adam Piggott, Proprietor, Proactive Services (Computing).
http://www.proactiveservices.co.uk/

Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFF6Fv87uRVdtPsXDkRAu6FAJ4xpC5FFk7Hgfc4wjCozFE6V7oxCQCfVqnF
PtQ1ASkGgJEUnuV6ujg95Jg=
=WpAA
-----END PGP SIGNATURE-----

 

[Charryl Chessman jr.]

In-line response.

In a command prompt have a look at the "reg" command, particularly export.

Now it's getting to be complicated
Where exactly can I find this "reg" command?

You can export it to a file for easy searching if you wish to continue the
investigation

I wouldn't mind continuing the investigation but the course of action may be
beyond my computing capabilities.
Could you direct me to an appropriate site which explains this (easy
searching) process a bit more detailed?

I do appreciate your advice and patience.

CC jr.