false positive: searchsquire.com forced into Restricted zone reported as threat

Jay Libove

I have both Ad-Aware and SpyBot Search & Destroy
installed on a system where I tested Microsoft
AntiSpyware Beta 1. I got a false positive on the
registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com.
This entry exists because it is part of a past 'inoculation'
performed by a previous anti-spyware program, which
places this site (and hundreds of others) in Zone 4 -
Restricted Sites.

It is necessary for the product to look deeper than the
simple presence of a ZoneMap\Domains\sitename entry, and
to see what is inside it. If a user follows the
AntiSpyware product's suggestion to "fix" this "threat",
then in fact the user becomes *more* at risk because that
site moves from the Restricted zone to the Internet zone.

-Jay Libove, CISSP
 
JohnB

-----Original Message-----
I have both Ad-Aware and SpyBot Search & Destroy
installed on a system where I tested Microsoft
AntiSpyware Beta 1. I got a false positive on the
registry entry
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com.
This entry exists because it is part of a past 'inoculation'
performed by a previous anti-spyware program, which
places this site (and hundreds of others) in Zone 4 -
Restricted Sites.

It is necessary for the product to look deeper than the
simple presence of a ZoneMap\Domains\sitename entry, and
to see what is inside it. If a user follows the
AntiSpyware product's suggestion to "fix" this "threat",
then in fact the user becomes *more* at risk because that
site moves from the Restricted zone to the Internet zone.

-Jay Libove, CISSP

.

Same on my machine, but why only Searchsquire? I have
hundreds of nasty sites in the restricted zone (4), and
many are similar to the one picked out here. If the Beta
version is ignoring the zonemap data, then it should be
producing a number of false positives.
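
The check asked for in the first post (read the zone number stored under a ZoneMap\Domains entry instead of reacting to the entry's presence) can be sketched as follows. This is an added example, not code from the thread or from any anti-spyware product. It assumes the input is already-decoded `reg export` text; the sample entries other than searchsquire.com, the verdict labels and the function names are constructed for illustration.

```python
import re

# IE security zones stored as DWORD data: 0 My Computer, 1 Local intranet,
# 2 Trusted sites, 3 Internet, 4 Restricted sites.
BASE = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
        r"\Internet Settings\ZoneMap\Domains")
MARKER = "\\zonemap\\domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample in `reg export` text form (not taken from a real system).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{BASE}\\searchsquire.com]", '"*"=dword:00000004', "",
    f"[{BASE}\\blocked.example]", '"http"=dword:00000004',
    '"https"=dword:00000004', "",
    f"[{BASE}\\promoted.example]", '"*"=dword:00000002', "",
    f"[{BASE}\\empty.example]", "",
])

def verdict(zone_set):
    """Classify one domain from the set of zone numbers mapped to it."""
    if not zone_set:
        return "no-mapping"      # key exists but assigns no zone
    if zone_set <= {4}:
        return "protective"      # Restricted sites only: removal lowers protection
    if zone_set & {0, 1, 2}:
        return "review"          # site placed in a zone more trusted than Internet
    return "neutral"

def classify(reg_text):
    """Return {domain: verdict} from the zone data, not from key presence."""
    zones, domain = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(MARKER)
            domain = path[idx + len(MARKER):] if idx != -1 else None
            if domain:
                zones.setdefault(domain, set())
            continue
        val = VAL_RE.match(line)
        if val and domain:
            zones[domain].add(int(val.group(2), 16))  # protocol name -> zone number
    return {d: verdict(z) for d, z in zones.items()}

if __name__ == "__main__":
    for name, result in classify(SAMPLE).items():
        print(f"{name}: {result}")
```

Only entries classed as "review" place a site in a zone more trusted than Internet; the "protective" entries are the inoculation records described above and should be left in place.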
 
