Different immunizations if running as administrator
My OS is Vista Home Premium.
If I run Spybot as an administrator by right clicking on the desktop, there are at the moment 57,241 items shown as immunized in total. If I do not run as an administrator, there are only 41,069 items shown.
Why does this happen, and what is the significance in terms of system protection, if any?
Thanks.
Spybot immunizes the same entries in multiple registry hives. The numbers can vary from system to system or user to user depending on the operating system, the number of users, the type of user account of the user immunizing (Administrator, limited), etc. With Spybot 1.5 if you have browsers other than Internet Explorer the count is also affected.
_______________________
In Spybot 1.5, look on the immunization screen (pay particular attention to number of different entries in the Profile column). You will note that the limited account has fewer registry hives immunized. This is because the limited account does not have permission to immunize in all registry hives.
If you immunize using an Administrator account and then immunize from the Limited account you are using you will be fully protected.
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
Thanks for your reply.
I just want to be sure that the full Spybot immunization is running in the background for everyone, whether the administrator (me) or someone else who does not have administrator privileges is logged on.
Originally Posted by md usa spybot fan
Unfortunately Spybot S&D throws up nasty warnings if you're not administrator implying that immunization is useless if you're not admin.
This has been confusing my users and causing me pain
IMHO these warnings should be dropped. Instead, at the end of an immunization session, IF the user is NOT an admin AND IF the number of un-immunized settings is NOT ZERO, a dialog telling the user that the system administrator needs to immunize the system to clear up the remaining issues should be displayed. That way users will feel comfortable immunizing themselves.
Alternately if the user is not admin, the dialog should say something like "You will only be able to immunize items specific to your own username. The system administrator will need to immunize system-wide settings."
geoapps:
To clarify: Is this related to your unanswered query (dated 2007-09-21) here?
- v1.5: autoimmunize Command-line when not admin
http://forums.spybot.info/showthread.php?t=18196
Or is this a new problem?
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
This is a comment on the same issue, and it's related to the functioning of the program -- it's misleading at least. If the administrator has already immunized the system, the user still has to immunize himself. The dialog is confusing my users, since you don't HAVE to be admin to immunize yourself, and you DO HAVE to immunize yourself to get all the protection you need.
I have to admit that after these recent comments I am still unclear about the immunization protection.
Fortunately, as is often recommended, I run several security applications, so hopefully I remain well protected even if Spybot's protection is not fully engaged.
The admin immunization in 1.5.2 should be much better in covering all users now
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
It doesn't touch the user's Firefox immunizations, at least not on my systems. My user-level login has three profiles, two on the local drive and one on the network, and running SSD 1.5.2 as Admin didn't update any of the Firefox settings for my user login -- it just did the Firefox settings for the Admin user. I still had to run it using the non-admin user login to immunize Firefox as the user.The admin immunization in 1.5.2 should be much better in covering all users now
The user-level dialog also clearly says the user shouldn't run it without being administrator, and that's just not necessary if immunization has already been run by the administrator.
Also, when I run as non-admin after the admin has already run immunization, it indicates some things are not protected. However, when I re-click the "Immunize" *_SHIELD_ a second time, it shows all items are protected.
What should happen IMHO is the following:
1. If the user is non-admin, check to see if admin has already immunized the system with this data-set. If not, advise user that administrator needs to immunize system first. In either case, let user proceed.
2. When non-admin user immunizes, it should NOT indicate failures to update the stuff already immunized by the admin. However, if admin has NOT yet immunized system, should indicate what items remain to be immunized.
As it is right now, when non-admin immunizes, stuff he can't affect is initially marked as "unimmunized", but when he clicks the shield it correctly shows all items as immunized.
The admin level warning is a Windows function that's designed mostly for Vista I guess, where even admins need to make sure they run apps elevated if they want admin rights. So the text was written with that in mind, I'll take another look at it in this context.
Basing the warning on the number of open immunizations sounds like a good idea as well. I logged that as a feature request here:
Immunization: warn about missing admin rights only if unimmunized
Which Windows are you using? Spybot-S&D starts in the profiles folder and looks for all user folders in there, loading their registry hives and locating specific paths from those, so that even changed appdata paths shouldn't hinder it. Maybe you could also use regedit while Spybot-S&D is running to see if other users registry hives are actually mounted.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
Posting Permissions
Reply With Quote